2023-002 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with required monitoring of subrecipients of the Child and Adult Care Food Program.
Assistance Listing Number and Title: 10.558 Child and Adult Care Food Program
Federal Grantor Name: U.S. Department of Agriculture
Federal Award/Contract Number: 237WAWA3N2020; 227WAWA3N2020
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Child and Adult Care Food Program (CACFP) reimburses child and adult care institutions and family or group day care homes for providing nutritious meals and snacks that contribute to the wellness, healthy growth, and development of young children, and the health and wellness of older adults and people with disabilities.
In Washington, the Office of Superintendent of Public Instruction administers CACFP. The Office spent about $45.5 million in federal funds, more than $44.8 million of which it paid to subrecipients.
The Office is responsible for monitoring all institutions participating in CACFP to ensure compliance with meal pattern, recordkeeping, and other program requirements. Institutions that provide meals can participate through a sponsoring organization that will be financially and administratively responsible, or they can apply directly to the state agency and operate as an independent center.
Federal regulations require the Office to monitor the activities of subrecipients to ensure they use subawards for authorized purposes and in compliance with federal statutes, regulations, and the terms and conditions of the subaward. This monitoring must include reviewing financial and performance reports, and taking timely and appropriate action on all deficiencies pertaining to the federal award.
The federal grantor, the U.S. Department of Agriculture (USDA), requires states to monitor subrecipients at least once every three years. During the COVID-19 pandemic, the USDA granted a gap year and subsequently provided the Office with a waiver reducing the monitoring frequency to once every four years. Based on the waiver and a total of 503 active subrecipients during fiscal year 2023, the Office was required to monitor at least 125 subrecipients.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with required monitoring of subrecipients of the CACFP.
During the audit period, the Office identified 239 subrecipients that required monitoring and assigned them to a monitoring plan for fiscal year 2023. This monitoring plan would meet the USDA’s minimum required monitoring of 125 subrecipients, as well as allow the Office to catch up on all monitoring that was behind schedule since the pandemic gap year.
We examined the Office’s review schedule and quality assurance tool to assess the monitoring completed or started during the audit period and compared it to this plan. We identified 84 reviews that were started during the audit period, but only 50 of them were completed. We found that the program did not start or perform monitoring for 155 subrecipients (65 percent) in its plan, including:
• 115 subrecipients (48 percent) that the program postponed until fiscal year 2024.
• Eight subrecipients (3 percent) misidentified in the plan because they no longer participated in the program.
We examined a sample of 17 subrecipients that received financial and programmatic monitoring by the Office during the audit period, to ensure they were performed properly. We found all 17 subrecipients received adequate monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Due to the pandemic and gap year during 2020 where no monitoring was completed, the Office fell significantly behind schedule on its minimum required monitoring of subrecipients. The program has more than 500 subrecipients, some requiring monitoring annually depending on various risk criteria. The program was understaffed, which presented a significant obstacle for the Office to get its monitoring plan back on schedule.
Effect of Condition
Without establishing adequate internal controls, the Office cannot reasonably ensure that it can meet the minimum monitoring requirements imposed by the federal grantor or maintain the schedule identified by an internal monitoring plan. In addition, without proper and timely monitoring of financial and programmatic performance, the Office does not have reasonable assurance that each subrecipient has complied with the terms and conditions of the subaward.
Recommendations
We recommend the Office strengthen internal controls to ensure it monitors subrecipients according to the grantor’s minimum requirements and other federal regulations.
Office’s Response
Multiple staff vacancies were a significant contributor to the Office not completing the planned monitoring.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities.
Title 2 CFR) Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-003 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Child and Adult Care Food Program.
Assistance Listing Number and Title: 10.558 Child and Adult Care Food Program
Federal Grantor Name: U.S. Department of Agriculture
Federal Award/Contract Number: 237WAWA3N2020; 227
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Child and Adult Care Food Program (CACFP) reimburses child and adult care institutions and family or group day care homes for providing nutritious meals and snacks that contribute to the wellness, healthy growth, and development of young children, and the health and wellness of older adults and people with disabilities.
In Washington, the Office of Superintendent of Public Instruction administers CACFP. The Office spent about $45.5 million in federal funds, more than $44.8 million of which it paid to subrecipients.
The Office is responsible for monitoring all institutions participating in CACFP to ensure compliance with meal pattern, recordkeeping and other program requirements. Institutions that provide meals can participate through a sponsoring organization that will be financially and administratively responsible, or they can apply directly to the state agency and operate as an independent center.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified to a subrecipient as a subaward, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number and title, obligation amounts, project periods, and more. When some of this information is not available, the pass-through entity must provide the best information available to describe the federal award and subaward. In addition, pass-through entities must impose requirements on subrecipients so that they use the program funds in accordance with federal statutes, regulations, and the terms and conditions of the federal award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to CACFP subrecipients.
We identified 291 nonprofit subrecipients of the program who were paid with federal funds during fiscal year 2023 and were subject to the Uniform Guidance requirements. We examined the various methods that the Office used to communicate the required federal award identification elements to subrecipients. These methods included periodic permanent agreements, an annual application process, and program communications during the current program year. We found that these methods did not constitute official subawards and did not properly communicate all federal award elements, terms and conditions, and other federal award requirements to the subrecipient.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management responsible for ensuring compliance were not familiar with subrecipient monitoring requirements. As a result, management did not know that the program must identify and communicate the federal award identification elements to subrecipients, and that permanent agreements and annual application renewals do not constitute or substitute for a formal subaward.
Effect of Condition
Without proper identification and communication of the federal award, the Office cannot properly notify subrecipients about the required federal award elements, nor impose requirements so the subrecipients use the federal award in accordance with its terms and conditions, federal statutes, and regulations. Further, the Office cannot impose any additional requirements of the pass-through entity on the subrecipient to meet its own responsibilities to the federal awarding agency, as well as other requirements as specified in the Uniform Guidance.
Recommendations
We recommend the Office:
• Establish policies and procedures to ensure subawards are clearly identified as a subaward and communicate all required information according to the Uniform Guidance
• Establish internal controls to formally communicate federal award information and requirements to subrecipients
• Consult with the grantor for additional guidance on subrecipient monitoring requirements
Office’s Response
The Office concurs with the finding.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities.
Title CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-004 The Office of Superintendent of Public Instruction did not have internal controls over and did not comply with requirements to verify single audits were completed for all subrecipients of the Child and Adult Care Food Program.
Assistance Listing Number and Title: 10.558 Child and Adult Care Food Program
Federal Grantor Name: U.S. Department of Agriculture
Federal Award/Contract Number: 237WAWA3N2020; 227WAWA3N2020
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Child and Adult Care Food Program (CACFP) reimburses child and adult care institutions and family or group day care homes for providing nutritious meals and snacks that contribute to the wellness, healthy growth, and development of young children, and the health and wellness of older adults and people with disabilities.
In Washington, the Office of Superintendent of Public Instruction administers CACFP. In fiscal year 2023, the Office spent about $45.5 million in federal funds, more than $44.8 million of which it paid to subrecipients.
The Office is responsible for monitoring all institutions participating in CACFP to ensure compliance with meal pattern, recordkeeping, and other program requirements. Institutions that provide meals can participate through a sponsoring organization that will be financially and administratively responsible, or they can apply directly to the state agency and operate as an independent center.
Federal regulations require the Office to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient for applicable audit findings pertaining to the federal award
Federal regulation requires recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have internal controls over and did not comply with requirements to verify single audits were completed for all CACFP subrecipients.
The Office had processes in place to monitor that subrecipients received single audits. During the audit period, the Office had 503 CACFP subrecipients, and 47 of them were local education agencies (LEAs), or school districts. The Office’s federal compliance staff had a centralized process for LEAs to ensure they received the required audits, and we found these controls were effective.
For the 456 subrecipients that were not LEAs, the Office used information in the Federal Audit Clearinghouse (FAC) to identify subrecipients requiring a single audit. If a subrecipient that required a single audit did not complete or file its audit report timely, then the information in the FAC database would lead the Office to erroneous conclusions. As a result, we determined that the Office did not have adequate controls to identify all subrecipients that required a single audit.
We also determined the Office did not have adequate documentation that this single audit tracking process was completed during the audit period. We identified 62 subrecipients in this documentation that program staff compiled from the FAC database, and we used a statistical sampling method to randomly select and examine 12 of those subrecipients. We also judgmentally selected one subrecipient that had a program-related finding during the audit period, for a total of 13 testing samples. We found that one of these subrecipients required a single audit, but did not complete or did not submit its audit report during the audit period. The Office did not have any record that staff followed up with this subrecipient regarding the missing audit report.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The program staff responsible for the single audit tracking process retired, and the Office could not determine if the process was completed during the audit period. In addition, management was not aware that using the FAC database did not provide reasonable assurance that the Office identified all subrecipients requiring a single audit.
Effect of Condition
Without establishing adequate internal controls, the Office cannot ensure that all subrecipients requiring a single audit receive one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions.
Recommendations
We recommend the Office:
• Establish effective internal controls to ensure it identifies all subrecipients requiring single audits and follows up on any program-related findings, if applicable
• Follow up with the subrecipient we identified as not having an audit to ensure it obtains its required single audit
Office’s Response
The Office concurs with the finding.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Audit findings, establishes requirements for pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-005 The Office of Superintendent of Public Instruction did not have adequate internal controls over and was not compliant with requirements to perform risk assessments for subrecipients of the Child and Adult Care Food Program.
Assistance Listing Number and Title: 10.558 Child and Adult Care Food Program
Federal Grantor Name: U.S. Department of Agriculture
Federal Award/Contract Number: 237WAWA3N2020; 227WAWA3N2020
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Child and Adult Care Food Program (CACFP) reimburses child and adult care institutions and family or group day care homes for providing nutritious meals and snacks that contribute to the wellness, healthy growth, and development of young children, and the health and wellness of older adults and people with disabilities.
In Washington, the Office of Superintendent of Public Instruction administers CACFP. In fiscal year 2023, the Office spent about $45.5 million in federal funds, more than $44.8 million of which it paid to subrecipients.
The Office is responsible for monitoring all institutions participating in CACFP to ensure compliance with meal pattern, recordkeeping, and other program requirements. Institutions that provide meals can participate through a sponsoring organization that will be financially and administratively responsible, or they can apply directly to the Office and operate as an independent center.
Federal regulations require the Office to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Office to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and was not compliant with requirements to perform risk assessments for subrecipients of the CACFP.
As part of the audit, we requested the Office to identify the key internal controls it had in place to ensure it complied with the requirement to perform risk assessments for subrecipients. However, we determined the Office did not perform formal risk assessments, as required by federal law.
We consider these internal control deficiencies to be a material weakness that lead to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The program staff were not aware of the Uniform Guidance requirements to perform risk assessments and were relying on their other program monitoring that followed USDA guidance to identify risks for subrecipients.
Effect of Condition
Without performing risk assessments, the Office cannot determine the appropriate amount of monitoring required for each subrecipient. It also makes it less likely the Office will detect a subrecipient’s noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Recommendation
We recommend that the Office establishes adequate internal controls to ensure it performs risk assessments for each subrecipient to determine the appropriate level of monitoring.
Office’s Response
The Office believed it was meeting risk assessment requirements per USDA guidance. After discussion with the SAO regarding requirements in the Uniform Guidance, additional areas will be addressed to ensure compliance.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Audit findings, establishes requirements for pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-006 The Employment Security Department made improper payments to ineligible beneficiaries of the Unemployment Insurance program.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53;
UI-34748-20-55-A-53;
UI-35682-21-55-A-53;
UI-35977-21-60-A-53;
UI-37098-21-55-A-53;
UI-37256-22-55-A-53;
UI-37313-22-55-A-53;
UI-38013-22-60-A-53;
UI-38163-22-55-A-53;
UI-38511-22-55-A-53;
UI-38580-22-75-A-53;
UI-39303-23-55-A-53;
UI-39355-23-55-A-53;
UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed, Eligibility
Known Questioned Cost Amount: $603
Prior Year Audit Finding: No
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and provides benefits under the Unemployment Compensation program to people for periods of involuntary unemployment. It provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department administers the state’s UI program. During fiscal year 2023, the Department paid more than $1.1 billion in unemployment insurance benefits to people in Washington.
In 2020, the U.S. Department of Labor (DOL) established new unemployment compensation programs, including Pandemic Unemployment Assistance (PUA), to provide additional unemployment assistance benefits to eligible workers affected by the COVID-19 pandemic. These programs were extended and modified through the American Rescue Plan Act of 2021.
Under the temporary programs, which expired on September 6, 2021, states must process and pay benefits to eligible people for all weeks of unemployment ending on or before the date of termination or eligibility expiration (whichever comes first). People eligible for PUA included those not eligible for regular unemployment compensation, such as people who have already exhausted their regular UI benefits, are self-employed, seeking part-time employment, or lack sufficient work history. The first week in which claimants were eligible to receive PUA benefits began on January 27, 2020.
During the pandemic, people applying for PUA benefits were required to self-certify that they were unemployed, partially unemployed, or unable or unavailable to work due to COVID-19. However, in January 2021, DOL announced a change to federal law through Unemployment Insurance Program Letter (UIPL) 16-20, Change 4. This change required that people receiving PUA benefits on or after December 27, 2020, submit proof of documentation to the state substantiating their employment, self-employment, or planned start of employment or self-employment in order to receive their benefits, regardless of when their benefits are actually paid. This includes people requesting retroactive payments of PUA benefits that are not received until after December 27, 2020.
Description of Condition
The Department did not ensure that payments were made only to eligible beneficiaries of the UI program.
We found the Department had adequate internal controls to ensure it paid UI benefits to eligible people, and it materially complied with the federal requirements. However, we identified questioned costs for benefits awarded to PUA claimants.
We used a statistical sampling method to randomly select and examine 78 out of a total population of 20,447 claims for weekly PUA benefits. For these claims, the Department was required to determine the eligibility of each claimant to receive benefits, including verifying proof of employment, self-employment, or planned start of employment or self-employment.
We found three instances (5.1 percent) where the Department paid weekly benefits without requesting and reviewing documentation from the claimant substantiating employment, self-employment, or planned start of employment or self-employment, as required by the federal grantor. These three claims resulted in $603 in known overpayments of PUA benefits by the Department, as each claim was paid after December 27, 2020, and during our audit period.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department officials did not correctly interpret the guidance outlined in the UIPL change to reflect that claimants were required to provide documentation substantiating proof of employment or self-employment in order to receive payments from the state after December 27, 2020. The Department did not request documentation from PUA claimants to substantiate employment prior to paying the claims.
Effect of Condition and Questioned Costs
We identified $603 in known federal questioned costs and $208,975 in likely federal questioned costs. We considered these questioned costs because the people receiving the benefit payments did not meet all the program’s eligibility requirements at the time of payment.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Verify people applying for PUA benefits have met all eligibility requirements before issuing weekly benefit payments
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department does not concur with the finding.
The State Auditor’s Office asserts the Department incorrectly interpreted guidance outlined in the UIPL regarding PUA benefit eligibility requirements. However, citing the UIPL below:
UIPL 16-20 change 4
2. Requirement to submit documentation substantiating employment or self-employment (Section 241 of the Continued Assistance Act) (new).
The first full paragraph of section C.2. of attachment I, UIPL 16-20 change 4 says that:
“Anyone that receives a payment of PUA on or after December 27, 2020, (the enactment date of the Continued Assistance Act) will be required to submit documentation substantiating employment or self-employment, or the planned commencement of employment or self-employment.” [emphasis added]
Under this guidance, the claimant had to first have been issued a payment after the Continued Assistant Act (CAA) became effective (regardless of the week or weeks the payment(s) were for) before the Department could set the issue to request the documentation.
In the exceptions noted by SAO, the first claimant wasn’t paid at all until 2023. Once the payment was issued to the claimant, the PUA Documents Required (PDR) issue was properly set. In the second, the claimant received some payments before 12/27/20 and then had other payment stops on her claim that were not removed until 2023. The removal of those payment stops triggered a payment for the remaining weeks claimed. Because those payments were made after 12/27/20, the PDR issue was set.
Under the same section, item c. limits the date the Department can start the denial for failing to comply with the PDR issue:
c. Failure to Comply. Individuals who do not provide documentation substantiating employment/self-employment (or planned employment/self-employment) within the required timeframe, as described above, are not eligible for PUA. For DUA, if the individual fails to submit documentation substantiating employment or self-employment, the state must establish an overpayment for the entire DUA claim, per 20 C.F.R. 625.6(e)(2). However, as provided in Section 241(b)(2) of the Continued Assistance Act, for PUA, if the individual fails to submit such documentation, the state may only establish an overpayment for those weeks of unemployment ending on or after December 27, 2020 (the enactment date of the Continued Assistance Act).
For example, an individual has a PUA claim effective on November 1, 2020, and files and is paid for weeks of unemployment ending November 7, 2020, through weeks ending January 9, 2021. Because the individual received a payment for PUA after December 27, 2020, the state must notify the individual on January 4, 2021, about the requirement to provide documentation substantiating employment/self-employment (or planned employment/self-employment) within 90 days (by April 4, 2021).
If, in that timeframe, the individual fails to provide documentation or fails to show good cause to have the deadline extended, an overpayment must be established for all the weeks paid beginning with the week ending January 2, 2021. This is because the individual cannot be deemed ineligible for a week of unemployment ending before the date of enactment solely for failure to submit documentation (emphasis added).
In the cases reviewed, the claimants did not respond to the issue or provide their documentation. Because the denial is limited to only claimed weeks following the enactment of the CAA (weeks ending 1/2/21 and later), any weeks from 2020 that were paid in 2023 had no potential for denial and therefore should not be considered to be incorrectly paid, similar to the example given above from the UIPL.
If addition, if claimants never claimed a week ending after the CAA was effective, the PDR issue will set but never be adjudicated because they had never claimed a week that was potentially deniable.
In discussions with SAO, the Office cited paragraph b(ii) of the UIPL, to indicate that any claims paid by the State on or after 12/27/2020 require the claimant to provide documentation substantiating employment or self-employment within 90 days of payment, or when directed to submit the documentation by the state workforce agency, whichever is later. This section of the UIPL solely lays out the requirements for establishing the respond-by dates for providing documentation for review. The deadline for responses is different depending on whether the PUA claim was filed before 1/26/21 or on/after that date. This paragraph does not establish the requirements for payment or non-payment of PUA weeks.
Additionally, the Department received further guidance in a webinar with USDOL on Monday, January 11, 2021, which reinforced the methodology used by the Department in these cases.
Auditor’s Remarks
For the claimants in question, we did not receive any documentation from the Department demonstrating that a request was sent to the claimant to provide supporting documentation substantiating employment, nor was there evidence provided that the claims in-question were suspended due to missing documentation from the claimants.
Federal guidance contained in Attachment I to UIPL 16-20, Change 4 – Pandemic Unemployment Assistance (PUA) Implementation and Operating Instructions stipulates the following:
“Anyone that receives a payment of PUA on or after December 27, 2020, (the enactment date of the Continued Assistance Act) will be required to submit documentation substantiating employment or self-employment, or the planned commencement of employment or self-employment. This includes any individual who receives any payment of PUA on or after December 27, even if the payment is for a week of unemployment that occurred before December 27, 2020. The deadline for providing such documentation depends on when the individual filed the initial PUA claim.
• Filing New Applications for PUA on or after January 31, 2021. Individuals filing a new PUA application on or after January 31, 2021 (regardless of whether the claim is backdated), are required to provide documentation within 21 days of application or the date the individual is directed to submit the documentation by the State Agency, whichever is later. The deadline may be extended if the individual has shown good cause under state UC law within 21 days.
• Filing Continued Claims for PUA. Individuals who have an existing PUA claim as of December 27, 2020, (the enactment date of the Continued Assistance Act) or who file a new initial PUA claim before January 31, 2021, and who receive PUA on or after December 27, 2020, must provide documentation within 90 days of the application date or the date the individual is instructed to provide such documentation by the state agency (whichever date is later).”
We questioned these payments due to the Department not receiving any supporting documentation substantiating employment or self-employment from these claimants during the audit period, and failing to establish overpayment notices to the claimants during the audit period. For all three payments in-question, the claimant filed for PUA prior to December 27, 2020, and therefore would have been required to submit supporting documentation substantiating employment to the Department within 90 days, or as directed by the Department.
Because the Department did not receive supporting documentation from the claimants for these benefit weeks during the audit period, we could not determine that the payments were allowable and that the claimants met the PUA eligibility requirements for their benefit weeks paid.
We reaffirm our finding and will follow-up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, Compliance Supplement, Unemployment Insurance, states in part:
E. Eligibility
1. Eligibility for Individuals
a. PUA – PUA provides benefits to covered individuals, who are those individuals not eligible for regular unemployment compensation (UC or extended benefits under state or federal law or PEUC, including those who have exhausted all rights to such benefits). Covered individuals also include self-employed, those seeking part-time employment, individuals lacking sufficient work history, and those who otherwise do not qualify for regular unemployment compensation or extended benefits under state or federal law or PEUC.
PUA is payable to individuals who are ineligible for regular UC, EB, or PEUC and are unemployed, partially unemployed, or unable or unavailable to work due to one of the COVID-19 related reasons identified in Attachment I to UIPL No. 16-20, Change 6. Section 2102(a)(3)(A)(ii)(I) of the CARES Act included 10 specific COVID-19 related reasons. The Department, under the authority provided by Section 2102(a)(3)(A)(ii)(I)(kk) of the CARES Act, added additional COVID-19 related reasons three new COVID-19 related reasons with the publication of UIPL No. 16-20, Change 5 on February 25, 2021. All COVID-19 related reasons apply retroactively to the beginning of the PUA program. Additionally, individuals who are paid on or after December 27, 2020, must submit proof of documentation substantiating employment, self-employment, or the planned commencement of employment or self-employment (see Attachment I, Section C.2. of UIPL No. 16-20, Change 4). This includes individuals requesting retroactive payments that are not received until after December 27, 2020.
2023-007 The Employment Security Department did not have adequate internal controls to ensure it submitted accurate financial reports for the Unemployment Insurance program.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53; UI-34748-20-55-A-53; UI-35682-21-55-A-53; UI-35977-21-60-A-53;
UI-37098-21-55-A-53; UI-37256-22-55-A-53;
UI-37313-22-55-A-53; UI-38013-22-60-A-53;
UI-38163-22-55-A-53;UI-38511-22-55-A-53;
UI-38580-22-75-A-53; UI-39303-23-55-A-53;
UI-39355-23-55-A-53; UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and provides benefits under the Unemployment Compensation program to people for periods of involuntary unemployment. It provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department administers the state’s UI program. During fiscal year 2023, the Department paid more than
$1.1 billion in unemployment insurance benefits to people in Washington.
The Unemployment Insurance Reports Handbook No. 401 – published by the U.S. Department of Labor (DOL), Employment and Training Administration, Office of Unemployment Insurance – outlines the requirements for states to submit financial and performance reports to the federal government so it can evaluate their UI programs. The ETA 9130 – Financial Status Report is submitted quarterly, and is used to report program and administrative expenditures for UI programs. This financial data is reported cumulatively and separately for regular UI programs, as well as Pandemic Emergency Unemployment Compensation, Pandemic Unemployment Assistance, Disaster Unemployment Assistance, Trade Readjustment Assistance, and Reemployment Trade Adjustment Assistance. The Department requires fiscal analysts to prepare these reports, and grants management reviews and approves the reports before submitting them to DOL.
Additionally, the Department is required to submit to DOL the ETA 2112 – UI Financial Transaction Summary. This report provides a monthly summary of UI transactions that accounts for all funds received in, passed through or paid out of the state unemployment fund. The Department’s Assistant Treasury Supervisor is responsible for preparing these reports, and the Treasurer reviews the reports for accuracy and certifies them before they are submitted to DOL.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure it submitted accurate financial reports for the UI program.
During fiscal year 2023, the Department was required to submit 104 quarterly ETA 9130 financial reports to DOL. We used a non-statistical sampling method to randomly select and examine 15 reports. We found that five of the 15 reports (33 percent) were not certified by the Grants Manager before they were submitted to DOL.
In addition, the Department was required to submit 12 monthly ETA 2112 financial reports to DOL. We used a non-statistical sampling method to randomly select and examine five reports. We found one of the five reports (20 percent) was not reviewed and approved by the Treasurer before it was submitted to DOL.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department officials said that the Grants Manager responsible for reviewing the ETA 9130 reports for accuracy resigned during the audit period, prior to the due date of the five reports that were not certified. As a result, the Department submitted these reports without a secondary review.
Department officials said that the Treasurer discussed the ETA 2112 report with the Assistant Treasury Supervisor as fiscal analysts prepared the draft. However, the Treasurer did not document their approval of the report, and the Department did not retain any documentation supporting that the Treasurer reviewed and certified the report.
Effect of Condition
When management does not follow the Department’s established internal controls to ensure that all required financial reports are accurate, the Department is at an increased risk of inaccurately reporting financial data to the federal grantor.
Recommendation
We recommend the Department improve internal controls to ensure that management properly reviews and certifies all required financial reports before they are submitted to the federal grantor. This should include maintaining records to show that management completed these reviews.
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the UI grant.
The Department has implemented procedures to ensure reports are reviewed prior to submission, and submission dates and approvals are documented.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, Compliance Supplement, Unemployment Insurance, states in part:
L. Reporting
1. Financial Reporting
d. ETA 9130, Financial Status Report, UI Programs – This report is used to report program and administrative expenditures. All ETA grantees are required to submit quarterly financial reports for each grant award which they operate, including standard program and pilot, demonstration, and evaluation projects. Financial data is required to be reported cumulatively from grant inception through the end of each reporting period. Additional information on OMB Number 1205-0461 can be accessed at http://www.dol.gov/agencies/eta/grants/management and scroll down to the section on Financial Reporting. A separate ETA 9130 is submitted for each of the following: UI, PEUC, and PUA Administration, DUA, TRA/RTAA, and UI Projects (administration and benefits). See TEGL No. 02-16 for specific and clarifying instructions about the ETA 9130 https://wdr.doleta.gov/directives/corr_doc.cfm?DOCN=5156.
ETA 2112, UI Financial Transaction Summary (OMB No. 1205-0154) – A monthly summary of transactions, which account for all funds received in, passed through, or paid out of the state unemployment fund (ET Handbook 401).
2023-008 The Employment Security Department did not have adequate internal controls to ensure it submitted accurate monthly reports for the Unemployment Insurance program.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53;
UI-34748-20-55-A-53;
UI-35682-21-55-A-53;
UI-35977-21-60-A-53;
UI-37098-21-55-A-53;
UI-37256-22-55-A-53;
UI-37313-22-55-A-53;
UI-38013-22-60-A-53;
UI-38163-22-55-A-53;
UI-38511-22-55-A-53;
UI-38580-22-75-A-53;
UI-39303-23-55-A-53;
UI-39355-23-55-A-53;
UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-005
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and provides benefits under the Unemployment Compensation program to unemployed workers for periods of involuntary unemployment. It provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs.
The Employment Security Department administers the UI program. During fiscal year 2023, the Department paid more than $1.1 billion in unemployment insurance benefits to people in Washington.
The Unemployment Insurance Reports Handbook No. 401—published by the U.S. Department of Labor (DOL), Employment and Training Administration, Office of Unemployment Insurance – outlines the requirements for states to submit financial and performance reports to the federal government so it can evaluate their UI programs. The ETA 9055 – Appeals Case Aging – Lower and Higher Authority Appeals report (OMB No. 1205-0359) is submitted monthly, and it provides information on the inventory of lower and higher-authority single claimant appeals cases that have been filed in court but not yet decided. These reports provide the federal government with information about the number of days from the date an appeal was filed through the end of the month covered by the report, as well as the average and median age of the pending appeals cases. The Department prepares this report using data obtained through interagency data-sharing agreements with the Washington State Office of Administrative Hearings and the Washington State Administrative Office of the Courts.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure it submitted accurate monthly reports for the UI Program. The prior finding number was 2022-005.
Description of Condition
The Department did not have adequate internal controls to ensure it submitted accurate monthly reports for the UI program.
During fiscal year 2023, the Department was required to submit monthly ETA 9055 performance reports to DOL. The Department did not require or perform a secondary review of the reports before submitting them. A single Department employee manually prepared the information contained in the reports and submitted them to the federal grantor, and no one verified they were accurate and complete before submission.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
Although Department officials said they implemented a secondary review of the 9055 report in May 2023, management did not monitor the completion of these reports throughout the audit period to determine whether internal controls would be sufficient to detect and correct any potential data entry errors. In addition, management relied on staff knowledge and other agencies to provide accurate and complete information.
Effect of Condition
By not establishing adequate internal controls to ensure monthly performance reports are complete and accurate, the Department is at an increased risk of inaccurately reporting data to the federal grantor.
Recommendation
We recommend the Department implement internal controls to ensure it has an effective review process in place before submitting monthly reports to the federal grantor.
Department’s Response
The Department concurs with the finding and thanks the State Auditor’s Office for its work over this area.
The Department immediately implemented the secondary review of these reports in response to a prior year finding over this issue. However, the recommendation from the prior year and the Department’s implementation occurred after the new state fiscal year had begun. The Department expects the control to be in place and functioning for the entire year in our next audit.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of Labor, Employment and Training Administration, Office of Unemployment Insurance, Unemployment Insurance Reports Handbook No. 401, Section V: Benefits Time Lapse and Quality, states in part:
ETA 9055 – APPEALS CASE AGING
Section V-5
1. General Reporting Instructions
Appeals Case Aging measures require states to report data on the universe of all single claimant appeals cases that have not been decided prior to the end of the reporting period. Edit checks can be found in Handbook 402, Unemployment Insurance Required Reports User’s Manual, Appendix C.
4. Pending Lower Authority Single Claimant Appeals Case Aging.
I. Includes all lower authority single claimant appeals cases, including those remanded by the higher authority for a hearing and decision reopened appeals cases not decided at the end of the month.
5. Pending Higher Authority Single Claimant Appeals Case Aging.
a. Includes all higher authority single claimant appeals cases, including remanded and reopened appeals cases, not decided at the end of the month. An appeals case that has been remanded to the lower authority for additional evidence and will be returned to the higher authority for a decision is reported in this inventory. An appeals case that has been remanded to the lower authority for a new hearing and decision is not a pending higher authority appeals case and should not be counted as such.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, Compliance Supplement, Unemployment Insurance, states in part:
L. Reporting
2. Performance Reporting
States are required to submit periodic reporting to evaluate the performance of the states’ UI programs. The auditor should test the information included in the key reports included below that ensure the timeliness of benefits paid. Detailed information on these reports can be accessed under:
https://www.dol.gov/sites/dolgov/files/ETA/handbooks/2017/ETHand401_5th.pdf
2023-009 The Employment Security Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the Benefit Accuracy Measurement program of the Unemployment Insurance program in a timely manner.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53; UI-34748-20-55-A-53;
UI-35682-21-55-A-53; UI-35977-21-60-A-53;
UI-37098-21-55-A-53; UI-37256-22-55-A-53;
UI-37313-22-55-A-53; UI-38013-22-60-A-53;
UI-38163-22-55-A-53; UI-38511-22-55-A-53;
UI-38580-22-75-A-53; UI-39303-23-55-A-53;
UI-39355-23-55-A-53; UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: UI Benefits Payments
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-006
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and it provides benefits under the Unemployment Compensation program to unemployed workers for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs.
The Improper Payment Elimination and Recovery Act of 2010 requires state workforce agencies to maintain a quality control system. The Benefits Accuracy Measurement (BAM) program is the U.S. Department of Labor’s quality control system designed to assess the accuracy of unemployment insurance benefit payments and denied claims in separation status. The program estimates error rates and dollar amounts of benefits improperly paid or denied by projecting the results from investigations in a state.
The Employment Security Department administers the state’s UI program. During fiscal year 2023, the Department paid more than $1.1 billion in unemployment insurance benefits to people in Washington.
Under the BAM program, the Department is required to draw a weekly sample of payments and denied claims. The Department must complete this sampling promptly and conduct an in-depth investigation of the claims to determine the degree of accuracy in administering the state’s Unemployment Compensation program and compliance with federal law (20 CFR 602.21(d)). The Department has established a dedicated BAM unit to meet these requirements.
The Benefit Accuracy Measurement State Operations Handbook, which is published by the U.S. Department of Labor’s Employment and Training Administration, indicates the time frame and requirements for conducting BAM program case sampling for paid claims. States must complete reviews of:
• 70 percent of the sampled cases within 60 days of the week ending date of the batch; and
• 95 percent of the sampled cases within 90 days of the week ending date of the batch; and
• 98 percent of sampled cases within 120 days of the ending date of the annual report period.
In addition, states must sample denied claims and review:
• 60 percent of the sampled cases within 60 days of the week ending date of the batch; and
• 85 percent of the sampled cases within 90 days of the week ending date of the batch; and
• 98 percent of the sampled cases within 120 days of the end of the calendar year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported that the Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the BAM program of the UI program in a timely manner. The prior finding numbers were 2022-006, 2021-005 and 2020-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the BAM program of the UI program in a timely manner.
The Department did not effectively recruit, develop and retain staff to ensure it materially complied with the BAM program’s case review requirements.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not adequately staff its BAM unit with resources sufficient to meet BAM program requirements. Management did not allocate sufficient resources to the BAM unit, and did not effectively retain its investigative staff assigned to the BAM unit to support its minimum required caseload.
Effect of Condition
The Department did not comply with the federally required timelines for completing its case sampling. For paid claims, we found the Department:
• Failed to complete the minimum required annual allocation for sampling for paid claims. The Department completed 472 of the required 480 samples.
• Completed only 425 (90.4 percent) of its 472 sampled cases within 90 days of the week ending date of the batch, failing to meet the federal requirement of 95 percent
• Completed only 446 (94.5 percent) of its 472 sampled cases within 120 days of the ending date of the annual report period, failing to meet the federal requirement of 98 percent
We also found the Department failed to complete the minimum required annual allocation for sampling for denied claims. The Department completed 436 of the required 450 samples for the annual allocation.
By not complying with the federally required timelines for completing case sampling, the Department cannot fully evaluate the accuracy of its claim decisions and is less likely to detect fraudulent payments.
Recommendation
We recommend the Department allocate the necessary staffing resources to ensure it complies with the U.S. Department of Labor’s timelines for BAM case sampling.
Department’s Response
The Department concurs with the finding and recommendation and thanks the State Auditor’s Office for its work to ensure the Department meets case sampling requirements.
Historically, the Benefit Accuracy Measurement (BAM) unit has been challenged to maintain full levels of staffing. Staff turnover, long training requirements, and unique skill sets make these positions difficult to maintain. The Department continues to hire, develop, and retain staff to fully meet USDOL requirements.
The Department further continues to partner and frequently communicate with the U.S. Department of Labor (USDOL) Regional Offices to discuss staffing and training models. The Quality Assurance Manager and the Case Review Supervisor are committed to routinely monitoring caseload, workload, and the overall assurance of meeting the BAM operations performance goals and measures as set forth by USDOL.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 CFR Part 602, Quality Control in the Federal-State Unemployment Insurance System, section 21, Standard methods and procedures, establishes the requirements for states to conduct representative case sampling for quality control study of unemployment benefit claims, which state in part:
§602.21 Standard methods and procedures.
Each State shall:
a. Perform the requirements of this section in accordance with instructions issued by the Department, pursuant to 602.30(a) of this part, to ensure standardization of methods and procedures in a manner consistent with this part;
b. Select representative samples for QC study of at least a minimum size specified by the Department to ensure statistical validity (for benefit payments, a minimum of 400 cases of week paid per State per year);
c. Complete prompt and in-depth case investigations to determine the degree of accuracy and timeliness in the administration of the State UC law and Federal programs with respect to benefit determinations, benefit payments, and revenue collections; and conduct other measurements and studies necessary or appropriate for carrying out the purposes of this part;
d. Furnish information and reports to the Department, including weekly transmissions of case data entered into the automated QC system and annual reports, without, in any manner, identifying individuals to whom such data pertain;
The U.S. Department of Labor, Employment and Training Administration Benefit Accuracy Measurement State Operations Handbook – ET Handbook No. 395, 5th Edition, Chapter VI – Investigative Procedures, Section 13: Completion of Cases and Timely Data Entry, states in part:
The following time limits are established for completion of all cases for the year. (The “year” includes all batches of weeks ending in the calendar year.):
• A minimum of 70 percent of cases must be completed within 60 days of the week ending date of the batch, and 95 percent of cases must be completed within 90 days of the week ending date of the batch; and
• A minimum of 98 percent of cases for the year must be completed within 120 days of the week ending date of the calendar year.
ET Handbook No. 395, 5th Edition, Chapter VI – Investigative Procedures, Section 12: Sampling Selection, states in part:
The annual sample size for UI paid claims and the three types of denials are fixed by DOL for the calendar year. BAM supervisors may change the weekly sample sizes in the input control record to accommodate investigator vacation schedule or other staffing contingencies. However, state are expected to pull at least the minimum number of cases each week. States may not over sample during a portion of the year in order to meet the annual sample allocation and then suspend sampling for the remainder of the calendar year. The minimum weekly and quarterly samples, based on current annual sample allocations are:
*Allocation for ten smallest states in terms of UI workload.
** 150 cases each of monetary, separation, and non-separation denials will be selected each year, for a total of 450 DCA cases.
ET Handbook No. 395, 5th Edition, Chapter VIII – Denied Claims Accuracy (DCA), Section 7: Completion of DCA Cases and Timely Data Entry, states in part:
As in paid claims, prompt completion of investigations is important to ensure the integrity of the information being collected by questioning claimant and employers before the passage of time adversely affects recollections. However, due to the fact that contacting the claimant and obtaining claimant information is more difficult than in paid claims, the timeliness standards differ as the following indicates:
• A minimum of 60 percent of cases must be completed within 60 days of the week ending date of the batch, and 85 percent of cases must be completed within 90 days of the week ending date of the batch; and
• A minimum of 98 percent of cases for the year must be completed within 120 days of the ending date of the Calendar Year.
2023-010 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it profiled all claimants under the Unemployment Insurance program to identify people likely to need reemployment services and ensure staff providing those services received required training.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53;
UI-34748-20-55-A-53;
UI-35682-21-55-A-53;
UI-35977-21-60-A-53;
UI-37098-21-55-A-53;
UI-37256-22-55-A-53;
UI-37313-22-55-A-53;
UI-38013-22-60-A-53;
UI-38163-22-55-A-53;
UI-38511-22-55-A-53;
UI-38580-22-75-A-53;
UI-39303-23-55-A-53;
UI-39355-23-55-A-53;
UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – UI Reemployment Programs: Worker Profiling and Reemployment Services (WPRS) and Reemployment Services and Eligibility Assessments (RESEA)
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and it provides benefits under the Unemployment Compensation program to unemployed workers for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department administers the state’s UI program. During fiscal year 2023, the Department paid more than $1.1 billion in unemployment insurance benefits to people in Washington.
The Worker Profiling and Reemployment Services (WPRS) and Reemployment Services and Eligibility Assessments (RESEA) programs serve as the primary programs that facilitate the reemployment of UI claimants. RESEA is authorized by Section 306 of the Social Security Act, and it uses an evidence-based integrated approach that combines an assessment for continuing UI eligibility and the provision of reemployment services. The Department uses a RESEA program to satisfy the WPRS mandate in accordance with federal requirements, and its program design is documented in the RESEA State Plan approved by the U.S. Department of Labor.
According to the Department’s RESEA State Plan, the agency profiles unemployment claimants using a scoring model that is built into its Unemployment Tax and Benefit (UTAB) system to identify claimants who are likely to exhaust benefits and are in need of job search assistance to obtain new employment. The profiling model must statistically combine information on the person’s work industry, occupation, education level, county of residence, and other personal characteristics, including veteran and union status, and labor market characteristics to generate a numerical score indicating their likelihood of exhausting regular unemployment benefits before finding work. The claimants are to be ranked in a queue based on their individual score from most likely to least likely to exhaust benefits. On a weekly basis, the Department selects people from this queue for available appointments for reemployment evaluations. In July 2019, the Department implemented an online appointment scheduling system called the Reemployment Appointment Scheduler (RAS) to facilitate the appointment scheduling process for the Department’s WorkSource offices.
In June 2021, the Department deployed a pilot program proposed by the U.S. Department of Labor known as a randomized control trial (RCT), to randomly assign profile scores in lieu of using the risk profile model to profile all unemployment claimants. The objectives of the trial were to assess the impact of the RESEA program concerning duration of unemployment claims, earnings, and employment probability of claimants following the provision of RESEA services, and to assess whether the program improved the identification of claimant eligibility issues and improper payment detection. Under the RCT, the WPRS score used to rank claimants was replaced with a randomly generated score, after excluding the top 5 percent of people with the highest WPRS scores.
The Department’s UI staff oversee the RESEA program, which includes participating in the planning, administration and oversight of the program, providing appropriate training to staff conducting applicant eligibility reviews, completing individual reemployment plans, and providing information and access to career and reemployment services, including referrals to other services. All staff working within the RESEA program must, at a minimum, be trained in the programmatic requirements, state laws, rules, and agency policies once a year. Staff are required, by Department policy to take an intensive training before providing reemployment services to claimants, as well as take an annual refresher training once a year. Training includes information regarding job search requirements, reporting requirements, and UI eligibility assessments. In addition, all staff working with RESEA participants must be trained to detect and report potential issues to the UI claims center.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure the Department profiled all claimants under the UI program, to identify those likely to need reemployment services and ensure staff providing reemployment services received required training.
Identification for People Eligible for Reemployment Services
The Department did not adequately monitor its UTAB scoring model to ensure applicant risk profile scores were accurate to identify those claimants most likely to exhaust their unemployment benefits.
The Department is required to use a scoring model to profile all claimants to identify those likely to need reemployment services. During the audit period, the score calculated by the model was only applied for 5 percent of claimants with the highest score. A random score was assigned to the remaining 95 percent of claimants. The random score assignment did not provide adequate assurance that those people most likely to exhaust benefits were prioritized to receive reemployment services.
To determine a claimant’s profile score, the scoring model assigns 10 different coefficient rates associated with attributes that were determined by the Department to signify how likely a claimant will be to exhaust their unemployment benefits. The Department could not explain the methodology for determining an applicant’s profile score based on these 10 attributes, or how to independently recalculate the score.
The Department has not tested the calculation of the profile score to ensure it is functioning as intended and producing accurate results. In addition, management could not provide historical records to demonstrate the calculation had ever been tested since its first implementation. Therefore, the Department has no assurance that the calculation provides an accurate measurement of the risk a claimant will exhaust their benefits.
To test whether the UTAB system correctly determined and assigned coefficients based on the claimant attributes, we created four test scenarios containing specific attributes and the expected assigned coefficient value. The UTAB system did not assign the expected coefficient value for three of the 10 attributes. Department officials did not know how the system determined and assigned the coefficient value for these three attributes or why the value did not agree to the system reference tables. Therefore, we cannot conclude whether the assigned values for these three coefficients or the profile score assigned based on the coefficients are accurate.
In addition, management did not monitor to determine whether the RAS system had received all eligible claimants. There is a daily process to send eligible claimants to the RAS selection queue, but there were no internal controls in place to ensure that all files sent to RAS were received and processed. In addition, RAS does not have a working test environment to test whether the system effectively schedules claimants based on defined rules and requirements.
Employee Training
The Department uses a tracking report to monitor the status of completed training for each RESEA employee. However, the Department did not adequately monitor to ensure staff who administered RESEA services to clients took required training.
We used a statistical sampling method to randomly select and examine 55 out of a total population of 441 employees that Department officials said were available to provided RESEA services during fiscal year 2023. We examined records for all RESEA training courses completed by these employees and found that the Department did not have documentation evidencing that two employees (3.6 percent) completed annual RESEA training during the audit period. Both employees administered RESEA appointments to claimants during the audit period. We also found three employees (5.5 percent) were missing from the Department’s tracking report, and four additional employees completed a training course that was not listed on the report.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Identification for People Eligible for Reemployment Services
During the implementation of the RCT, the Department did not monitor the profiling and prioritization of claimants for RESEA participation to determine whether claimants prioritized for receiving RESEA services were the most likely to exhaust their unemployment benefits.
Department management asserted in writing that its UTAB risk scoring model was operating during the audit period to ensure claimants were profiled to determine those most likely to exhaust unemployment benefits and need reemployment services. However, after our Office tested the risk scoring model and identified system weaknesses, the Department informed us that the scoring model was not working as intended and disabled during the audit period.
Employee Training
The Department did not maintain historical records of employee training profiles. Instead, management retained only documents supporting the most recent training course completed by each employee. Additionally, management did not adequately maintain its tracking reports to ensure all completed training sessions were documented for each employee.
Effect of Condition
Identification for People Eligible for Reemployment Services
Without monitoring its automated scoring model for effectiveness, the Department cannot ensure that its systems select RESEA participants based on a valid risk profile and priority of need for reemployment services. By disabling the automated scoring model, the Department is not in compliance with provisions in the RESEA State Plan, and it cannot ensure that claimants selected for RESEA appointment services should have received consideration over higher-risk claimants who may be excluded in the RCT.
Employee Training
By not maintaining adequate training records for its employees, the Department cannot demonstrate that all RESEA staff have been properly trained on unemployment eligibility requirements in order to administer reemployment services to clients, as required in the RESEA State Plan.
Recommendations
We recommend the Department:
• Review the design of its UTAB calculation to determine an applicant’s risk profile score, and test the calculation of the score to determine whether the system is accurately identifying claimants most likely to exhaust benefits. This understanding and testing should ensure that coefficient values are correctly determined and assigned by the UTAB system.
• Reconcile the interface between the UTAB system and the scheduling system to ensure that all RESEA eligible claimants were received by the RAS scheduling system
• Consider implementing additional internal controls to ensure claimants are profiled and prioritized for reemployment services based on their risk of exhausting unemployment benefits, in accordance with federal requirements
• Establish adequate internal controls to ensure all employees receive required RESEA training before providing reemployment screening services to claimants
• Verify all staff administering RESEA services on behalf of the Department have completed required training before providing services to claimants
Department’s Response
The Department partially concurs with the finding.
UTAB Recommendations:
I. Review the design of its UTAB calculation to determine an applicant’s risk profile score, and test the calculation of the score to determine whether the system is accurately identifying claimants most likely to exhaust benefits. This understanding and testing should ensure that coefficient values are correctly determined and assigned by the UTAB system.
Department response:
The Department concurs with the recommendation. For clarification, the coefficient values are calculated outside of UTAB. The coefficients are then input into UTAB which then calculates the profile score. The Department will review processes to effectively validate profile scores based upon new coefficients.
II. Reconcile the interface between the UTAB system and the scheduling system to ensure that all RESEA eligible claimants were received by the RAS scheduling system.
Department response:
The Department partially concurs with the recommendation.
Regarding the recommendation, there is no interface between UTAB and RAS to reconcile. The UTAB system is capable of generating an “exit file” which indicates the profile score for all the applicants that have a work search requirement. This file is sent and input into the RAS scheduler which automatically assigns the applicant. The Department will review its processes to verify that the RAS properly sets appointments from the UTAB exit file.
b. Consider implementing additional internal controls to ensure claimants are profiled and prioritized for reemployment services based on their risk of exhausting unemployment benefits, in accordance with federal requirements.
Department Response:
The Department does not concur with this recommendation. In the Background section above, SAO stated “In June 2021, the Department deployed a pilot program proposed by the U.S. Department of Labor known as a randomized control trial (RCT), to randomly assign profile scores in lieu of using the risk profile model to profile all unemployment claimants.”
The pilot program was not implemented in lieu of the risk model, but concurrently as described above. In brief, all applicants are scored and provided both a risk scoring profile based on established standards, and a random score, as described in the pilot program. Based on the risk scoring model, the top scores are automatically selected for RESEA. The remainder of the applicants are assigned based on the random score. The use of the top scorers and the random scoring methodology allows for the Department to meet the both the standard requirements by RESEA and the pilot program.
Considering this, the Department believes it is compliant with both the risk based and random scoring profile requirements.
Training Recommendations:
• Establish adequate internal controls to ensure all employees receive required RESEA training before providing reemployment screening services to claimants.
Department Response:
The Department does not concur with the recommendation. In the Background stated above, SAO noted “All staff working within the RESEA program must, at a minimum, be trained in the programmatic requirements, state laws, rules, and agency policies once a year. Staff are required, by Department policy to take an intensive training before providing reemployment services to claimants, as well as take an annual refresher training once a year.”
For accuracy, staff are required by the US DOL as follows (UIPL 08-24) page 15: Required Engagement of UI Staff – UI staff must be engaged in the administration of the RESEA program. This includes, but is not limited to:
I. Participating in the planning, administration, and oversight of the RESEA program;
II. Providing all appropriate staff training on UC eligibility requirements;
III. Ensuring accurate data are provided in the RESEA-required reports; and
IV. Conducting eligibility determinations and redeterminations resulting from issues identified through RESEA participation.
The first day of RESEA Intensive Training is UI eligibility training which is designed and conducted by UICS Trainers. The Policy 4050-1 indicates that staff are required to have yearly training, but this is not specified by Policy definition and provides for the ad hoc and monthly trainings put on by programs. Additionally, there is no RESEA Department “policy” regarding training. The current program team fulfills the UIPL mandated UI Eligibility requirement through the required RESEA Intensive Training for all RESEA staff - as has been the process since 2020. The refresher trainings were implemented by programs to bring those trained, non-regular RESEA staff and local leaders up to date on changes, address in an effort to improve performance and reinforce staff confidence in their work. This is an internal process.
The Department does have controls in place to ensure all employees receive required RESEA training, an internal spreadsheet, updated by training staff which was provided to the auditors. The two exceptions of the 55 sampled were staff who completed RESEA Intensive Training prior to the fiscal year audited. USDOL requires only that RESEA staff be trained and RESEA Policy indicates that training can occur as needed and in any form (monthly program call, ad hoc office training, etc.). Formal training is completed every 6 weeks and ad hoc trainings are provided on a monthly basis at a minimum.
Therefore, the Department believes it meets the minimum standards as required by USDOL.
• Verify all staff administering RESEA services on behalf of the Department have completed required training before providing services to claimants.
Department Response:
The Department does not concur with the recommendation. The Cause of the Condition for the training requirements as noted by SAO is a determination that ESD did not maintain training records.
The exceptions noted in this area appear to be centered around two seasonal staff who were trained, though their training records were found outside the audit period. As stated in our response above, USDOL does not require yearly training. ESD implemented this programmatically in Fall of 2022. RESEA Policy 4050-1 indicates that staff should receive regular training, but intentionally does not specify the formality, format or content, allowing us to provide this in regular program calls and in ad hoc office trainings.
Specifically the policy states “(3.A): *Staff training requirement for RESEA services - Staff working in the RESEA program must, at a minimum, be trained in the program’s requirements, including state laws, rules, and agency policies related to job search, reporting requirements and UI eligibility assessments, prior to providing direct services to claimants and then receive annual refresher training thereafter. All staff working with RESEA participants must be trained to detect and report potential issues to the unemployment insurance claims centers.”
The RESEA lead trainer provided other documentation to the auditors - both from the LMS and our ESD’s own internal spreadsheets. Program records reflect the same information as LMS records but for the lone retiree (who showed up in our records but was archived from the LMS records). The two non-regular/seasonal staff who provided services in the audit period but did not have a record of that training in the audit period had previously completed required intensive training - which is more than the minimum required by USDOL.
Auditor’s Remarks
Identification for People Eligible for Reemployment Services
The Department could not explain how the calculation of a claimant’s profile score occurred in UTAB in order to demonstrate that the automated calculation is working as intended to ensure claimants who are most likely to exhaust their unemployment benefits and need reemployment services are correctly identified. By implementing the RCT instead of assessing each claimant’s risk of exhausting unemployment benefits, and rank-ordering each claimant for RESEA selection based on that risk, the Department’s claimant selection design does not ensure that it prioritizes selecting claimants more likely to exhaust their benefits over other claimants with a lower likelihood of exhausting their benefits. This approach does not meet the federal requirement to ensure those individuals likely to exhaust their unemployment benefits are prioritized for RESEA services.
Without monitoring to ensure all claimants determined eligible to receive RESEA services are transmitted to RAS, the Department cannot ensure that claimants selected to receive RESEA appointments represent those claimants who are most likely to exhaust their regular unemployment benefits and are most in-need of reemployment services. Additionally, by not reconciling claimants selected for appointments in RAS with claimants profiled in UTAB, the Department cannot reasonably ensure that all claimants eligible to receive RESEA services have been considered for appointment selection.
Employee Training
The Department’s policy 4050-1 stipulates that the annual refresher course is required to be completed by staff rendering RESEA services to claimants. Our testing focused on those individuals available to provide RESEA services to claimants during the audit period, and therefore we concluded that these individuals were required to receive an annual refresher training course during the audit period. The Department stated in its response that it implemented the programmatic annual refresher training requirement in Fall 2022, however Department policy 4050-1 became effective on October 15, 2020.
The Department did not accurately track employee training completed during the audit period using its internal monitoring spreadsheet. Without monitoring to ensure all training records have been accurately reflected in the spreadsheet, management cannot ensure that all staff providing RESEA services have completed required training programs and therefore does not have reasonable assurance of compliance with RESEA training requirements as outlined in the Department’s policy.
Furthermore, we disagree with the Department’s assertion that annual training is not required for all RESEA staff. Both the Policy 4050-1 and the RESEA State Plan state that staff providing direct services to claimants must receive annual refresher training from the Department in addition to initial training on program requirements, state laws, rules and agency policies.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 United States Code, Chapter 7 – Social Security, Subchapter III – Grants to States for Unemployment Compensation Administration, § 503 – State laws, states in part:
(j) Worker profiling
(1) The State agency charged with the administration of the State law shall establish and utilize a system of profiling all new claimants for regular compensation that –
(A) Identifies which claimants will be likely to exhaust regular compensation and will need job search assistance services to make a successful transition to new employment;
(B) Refers claimants identified pursuant to subparagraph (A) to reemployment services, such as job search assistance services; available under any State or Federal law;
Revised Code of Washington (RCW), Title 50, Unemployment Compensation, Section 50.20.011, Profiling system to identify individuals likely to exhaust benefits – Confidentiality of information – Penalty, states in part:
1. The commissioner shall establish and use a profiling system for new claimants for regular compensation under this title that identifies permanently separated workers who are likely to exhaust regular compensation and will need job search assistance services to make a successful transition to new employment. The profiling system shall use a combination of individual characteristics and labor market information to assign each individual a unique probability of benefit exhaustion. Individuals identified as likely to exhaust benefits shall be referred to reemployment services, such as job search assistance services, to the extent such services are available at public expense.
2. The profiling system shall include collection and review of follow-up information relating to the services received by individuals under this section and the employment outcomes for the individuals following receipt of the services. The information shall be used in making profiling identifications.
Washington State Employment Security Department, Wagner-Peyser Employment Service Policy 4050, Reemployment Services and Eligibility Assessments (RESEA) program, states in part:
3. Policy:
A. Staff Training requirements for RESEA Services
Staff working in the RESEA program must, at a minimum, be trained in the program’s requirements, including state laws, rules, and agency policies related to job search, reporting requirements and UI eligibility assessments, prior to providing direct services to claimants and then receive annual refresher training thereafter. All staff working with RESEA participants must be trained to detect and report potential issues to the unemployment insurance claims centers.
B. Claimant selection for RESEA services
RCW 50.20.11 states, in part, that a profiling system must be established to identify new permanently separated claimants most likely to exhaust regular UI benefits and that are in need of job search assistance services to make successful transitions to new employment. This system uses a combination of individual characteristics and labor market information to assign each individual a unique probability of benefit exhaustion known as the profile score. Claimants with a work search requirement will be given a profile score. Those still attached to an employer will not receive a profile score.
Based on ranked scoring, claimants are selected and added to an electronic list as eligible to receive RESEA services. Claimants identified as most likely to exhaust, or as UCX receive top priority.
Selection occurs between the second and fifth week of a valid claim. Claimants waiting on decisions or for their claims to become valid are not selected until they have valid claims and are eligible for benefits.
2023-006 The Employment Security Department made improper payments to ineligible beneficiaries of the Unemployment Insurance program.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53;
UI-34748-20-55-A-53;
UI-35682-21-55-A-53;
UI-35977-21-60-A-53;
UI-37098-21-55-A-53;
UI-37256-22-55-A-53;
UI-37313-22-55-A-53;
UI-38013-22-60-A-53;
UI-38163-22-55-A-53;
UI-38511-22-55-A-53;
UI-38580-22-75-A-53;
UI-39303-23-55-A-53;
UI-39355-23-55-A-53;
UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed, Eligibility
Known Questioned Cost Amount: $603
Prior Year Audit Finding: No
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and provides benefits under the Unemployment Compensation program to people for periods of involuntary unemployment. It provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department administers the state’s UI program. During fiscal year 2023, the Department paid more than $1.1 billion in unemployment insurance benefits to people in Washington.
In 2020, the U.S. Department of Labor (DOL) established new unemployment compensation programs, including Pandemic Unemployment Assistance (PUA), to provide additional unemployment assistance benefits to eligible workers affected by the COVID-19 pandemic. These programs were extended and modified through the American Rescue Plan Act of 2021.
Under the temporary programs, which expired on September 6, 2021, states must process and pay benefits to eligible people for all weeks of unemployment ending on or before the date of termination or eligibility expiration (whichever comes first). People eligible for PUA included those not eligible for regular unemployment compensation, such as people who have already exhausted their regular UI benefits, are self-employed, seeking part-time employment, or lack sufficient work history. The first week in which claimants were eligible to receive PUA benefits began on January 27, 2020.
During the pandemic, people applying for PUA benefits were required to self-certify that they were unemployed, partially unemployed, or unable or unavailable to work due to COVID-19. However, in January 2021, DOL announced a change to federal law through Unemployment Insurance Program Letter (UIPL) 16-20, Change 4. This change required that people receiving PUA benefits on or after December 27, 2020, submit proof of documentation to the state substantiating their employment, self-employment, or planned start of employment or self-employment in order to receive their benefits, regardless of when their benefits are actually paid. This includes people requesting retroactive payments of PUA benefits that are not received until after December 27, 2020.
Description of Condition
The Department did not ensure that payments were made only to eligible beneficiaries of the UI program.
We found the Department had adequate internal controls to ensure it paid UI benefits to eligible people, and it materially complied with the federal requirements. However, we identified questioned costs for benefits awarded to PUA claimants.
We used a statistical sampling method to randomly select and examine 78 out of a total population of 20,447 claims for weekly PUA benefits. For these claims, the Department was required to determine the eligibility of each claimant to receive benefits, including verifying proof of employment, self-employment, or planned start of employment or self-employment.
We found three instances (5.1 percent) where the Department paid weekly benefits without requesting and reviewing documentation from the claimant substantiating employment, self-employment, or planned start of employment or self-employment, as required by the federal grantor. These three claims resulted in $603 in known overpayments of PUA benefits by the Department, as each claim was paid after December 27, 2020, and during our audit period.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department officials did not correctly interpret the guidance outlined in the UIPL change to reflect that claimants were required to provide documentation substantiating proof of employment or self-employment in order to receive payments from the state after December 27, 2020. The Department did not request documentation from PUA claimants to substantiate employment prior to paying the claims.
Effect of Condition and Questioned Costs
We identified $603 in known federal questioned costs and $208,975 in likely federal questioned costs. We considered these questioned costs because the people receiving the benefit payments did not meet all the program’s eligibility requirements at the time of payment.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Verify people applying for PUA benefits have met all eligibility requirements before issuing weekly benefit payments
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department does not concur with the finding.
The State Auditor’s Office asserts the Department incorrectly interpreted guidance outlined in the UIPL regarding PUA benefit eligibility requirements. However, citing the UIPL below:
UIPL 16-20 change 4
2. Requirement to submit documentation substantiating employment or self-employment (Section 241 of the Continued Assistance Act) (new).
The first full paragraph of section C.2. of attachment I, UIPL 16-20 change 4 says that:
“Anyone that receives a payment of PUA on or after December 27, 2020, (the enactment date of the Continued Assistance Act) will be required to submit documentation substantiating employment or self-employment, or the planned commencement of employment or self-employment.” [emphasis added]
Under this guidance, the claimant had to first have been issued a payment after the Continued Assistant Act (CAA) became effective (regardless of the week or weeks the payment(s) were for) before the Department could set the issue to request the documentation.
In the exceptions noted by SAO, the first claimant wasn’t paid at all until 2023. Once the payment was issued to the claimant, the PUA Documents Required (PDR) issue was properly set. In the second, the claimant received some payments before 12/27/20 and then had other payment stops on her claim that were not removed until 2023. The removal of those payment stops triggered a payment for the remaining weeks claimed. Because those payments were made after 12/27/20, the PDR issue was set.
Under the same section, item c. limits the date the Department can start the denial for failing to comply with the PDR issue:
c. Failure to Comply. Individuals who do not provide documentation substantiating employment/self-employment (or planned employment/self-employment) within the required timeframe, as described above, are not eligible for PUA. For DUA, if the individual fails to submit documentation substantiating employment or self-employment, the state must establish an overpayment for the entire DUA claim, per 20 C.F.R. 625.6(e)(2). However, as provided in Section 241(b)(2) of the Continued Assistance Act, for PUA, if the individual fails to submit such documentation, the state may only establish an overpayment for those weeks of unemployment ending on or after December 27, 2020 (the enactment date of the Continued Assistance Act).
For example, an individual has a PUA claim effective on November 1, 2020, and files and is paid for weeks of unemployment ending November 7, 2020, through weeks ending January 9, 2021. Because the individual received a payment for PUA after December 27, 2020, the state must notify the individual on January 4, 2021, about the requirement to provide documentation substantiating employment/self-employment (or planned employment/self-employment) within 90 days (by April 4, 2021).
If, in that timeframe, the individual fails to provide documentation or fails to show good cause to have the deadline extended, an overpayment must be established for all the weeks paid beginning with the week ending January 2, 2021. This is because the individual cannot be deemed ineligible for a week of unemployment ending before the date of enactment solely for failure to submit documentation (emphasis added).
In the cases reviewed, the claimants did not respond to the issue or provide their documentation. Because the denial is limited to only claimed weeks following the enactment of the CAA (weeks ending 1/2/21 and later), any weeks from 2020 that were paid in 2023 had no potential for denial and therefore should not be considered to be incorrectly paid, similar to the example given above from the UIPL.
If addition, if claimants never claimed a week ending after the CAA was effective, the PDR issue will set but never be adjudicated because they had never claimed a week that was potentially deniable.
In discussions with SAO, the Office cited paragraph b(ii) of the UIPL, to indicate that any claims paid by the State on or after 12/27/2020 require the claimant to provide documentation substantiating employment or self-employment within 90 days of payment, or when directed to submit the documentation by the state workforce agency, whichever is later. This section of the UIPL solely lays out the requirements for establishing the respond-by dates for providing documentation for review. The deadline for responses is different depending on whether the PUA claim was filed before 1/26/21 or on/after that date. This paragraph does not establish the requirements for payment or non-payment of PUA weeks.
Additionally, the Department received further guidance in a webinar with USDOL on Monday, January 11, 2021, which reinforced the methodology used by the Department in these cases.
Auditor’s Remarks
For the claimants in question, we did not receive any documentation from the Department demonstrating that a request was sent to the claimant to provide supporting documentation substantiating employment, nor was there evidence provided that the claims in-question were suspended due to missing documentation from the claimants.
Federal guidance contained in Attachment I to UIPL 16-20, Change 4 – Pandemic Unemployment Assistance (PUA) Implementation and Operating Instructions stipulates the following:
“Anyone that receives a payment of PUA on or after December 27, 2020, (the enactment date of the Continued Assistance Act) will be required to submit documentation substantiating employment or self-employment, or the planned commencement of employment or self-employment. This includes any individual who receives any payment of PUA on or after December 27, even if the payment is for a week of unemployment that occurred before December 27, 2020. The deadline for providing such documentation depends on when the individual filed the initial PUA claim.
• Filing New Applications for PUA on or after January 31, 2021. Individuals filing a new PUA application on or after January 31, 2021 (regardless of whether the claim is backdated), are required to provide documentation within 21 days of application or the date the individual is directed to submit the documentation by the State Agency, whichever is later. The deadline may be extended if the individual has shown good cause under state UC law within 21 days.
• Filing Continued Claims for PUA. Individuals who have an existing PUA claim as of December 27, 2020, (the enactment date of the Continued Assistance Act) or who file a new initial PUA claim before January 31, 2021, and who receive PUA on or after December 27, 2020, must provide documentation within 90 days of the application date or the date the individual is instructed to provide such documentation by the state agency (whichever date is later).”
We questioned these payments due to the Department not receiving any supporting documentation substantiating employment or self-employment from these claimants during the audit period, and failing to establish overpayment notices to the claimants during the audit period. For all three payments in-question, the claimant filed for PUA prior to December 27, 2020, and therefore would have been required to submit supporting documentation substantiating employment to the Department within 90 days, or as directed by the Department.
Because the Department did not receive supporting documentation from the claimants for these benefit weeks during the audit period, we could not determine that the payments were allowable and that the claimants met the PUA eligibility requirements for their benefit weeks paid.
We reaffirm our finding and will follow-up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, Compliance Supplement, Unemployment Insurance, states in part:
E. Eligibility
1. Eligibility for Individuals
a. PUA – PUA provides benefits to covered individuals, who are those individuals not eligible for regular unemployment compensation (UC or extended benefits under state or federal law or PEUC, including those who have exhausted all rights to such benefits). Covered individuals also include self-employed, those seeking part-time employment, individuals lacking sufficient work history, and those who otherwise do not qualify for regular unemployment compensation or extended benefits under state or federal law or PEUC.
PUA is payable to individuals who are ineligible for regular UC, EB, or PEUC and are unemployed, partially unemployed, or unable or unavailable to work due to one of the COVID-19 related reasons identified in Attachment I to UIPL No. 16-20, Change 6. Section 2102(a)(3)(A)(ii)(I) of the CARES Act included 10 specific COVID-19 related reasons. The Department, under the authority provided by Section 2102(a)(3)(A)(ii)(I)(kk) of the CARES Act, added additional COVID-19 related reasons three new COVID-19 related reasons with the publication of UIPL No. 16-20, Change 5 on February 25, 2021. All COVID-19 related reasons apply retroactively to the beginning of the PUA program. Additionally, individuals who are paid on or after December 27, 2020, must submit proof of documentation substantiating employment, self-employment, or the planned commencement of employment or self-employment (see Attachment I, Section C.2. of UIPL No. 16-20, Change 4). This includes individuals requesting retroactive payments that are not received until after December 27, 2020.
2023-007 The Employment Security Department did not have adequate internal controls to ensure it submitted accurate financial reports for the Unemployment Insurance program.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53; UI-34748-20-55-A-53; UI-35682-21-55-A-53; UI-35977-21-60-A-53;
UI-37098-21-55-A-53; UI-37256-22-55-A-53;
UI-37313-22-55-A-53; UI-38013-22-60-A-53;
UI-38163-22-55-A-53;UI-38511-22-55-A-53;
UI-38580-22-75-A-53; UI-39303-23-55-A-53;
UI-39355-23-55-A-53; UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and provides benefits under the Unemployment Compensation program to people for periods of involuntary unemployment. It provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department administers the state’s UI program. During fiscal year 2023, the Department paid more than
$1.1 billion in unemployment insurance benefits to people in Washington.
The Unemployment Insurance Reports Handbook No. 401 – published by the U.S. Department of Labor (DOL), Employment and Training Administration, Office of Unemployment Insurance – outlines the requirements for states to submit financial and performance reports to the federal government so it can evaluate their UI programs. The ETA 9130 – Financial Status Report is submitted quarterly, and is used to report program and administrative expenditures for UI programs. This financial data is reported cumulatively and separately for regular UI programs, as well as Pandemic Emergency Unemployment Compensation, Pandemic Unemployment Assistance, Disaster Unemployment Assistance, Trade Readjustment Assistance, and Reemployment Trade Adjustment Assistance. The Department requires fiscal analysts to prepare these reports, and grants management reviews and approves the reports before submitting them to DOL.
Additionally, the Department is required to submit to DOL the ETA 2112 – UI Financial Transaction Summary. This report provides a monthly summary of UI transactions that accounts for all funds received in, passed through or paid out of the state unemployment fund. The Department’s Assistant Treasury Supervisor is responsible for preparing these reports, and the Treasurer reviews the reports for accuracy and certifies them before they are submitted to DOL.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure it submitted accurate financial reports for the UI program.
During fiscal year 2023, the Department was required to submit 104 quarterly ETA 9130 financial reports to DOL. We used a non-statistical sampling method to randomly select and examine 15 reports. We found that five of the 15 reports (33 percent) were not certified by the Grants Manager before they were submitted to DOL.
In addition, the Department was required to submit 12 monthly ETA 2112 financial reports to DOL. We used a non-statistical sampling method to randomly select and examine five reports. We found one of the five reports (20 percent) was not reviewed and approved by the Treasurer before it was submitted to DOL.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department officials said that the Grants Manager responsible for reviewing the ETA 9130 reports for accuracy resigned during the audit period, prior to the due date of the five reports that were not certified. As a result, the Department submitted these reports without a secondary review.
Department officials said that the Treasurer discussed the ETA 2112 report with the Assistant Treasury Supervisor as fiscal analysts prepared the draft. However, the Treasurer did not document their approval of the report, and the Department did not retain any documentation supporting that the Treasurer reviewed and certified the report.
Effect of Condition
When management does not follow the Department’s established internal controls to ensure that all required financial reports are accurate, the Department is at an increased risk of inaccurately reporting financial data to the federal grantor.
Recommendation
We recommend the Department improve internal controls to ensure that management properly reviews and certifies all required financial reports before they are submitted to the federal grantor. This should include maintaining records to show that management completed these reviews.
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the UI grant.
The Department has implemented procedures to ensure reports are reviewed prior to submission, and submission dates and approvals are documented.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, Compliance Supplement, Unemployment Insurance, states in part:
L. Reporting
1. Financial Reporting
d. ETA 9130, Financial Status Report, UI Programs – This report is used to report program and administrative expenditures. All ETA grantees are required to submit quarterly financial reports for each grant award which they operate, including standard program and pilot, demonstration, and evaluation projects. Financial data is required to be reported cumulatively from grant inception through the end of each reporting period. Additional information on OMB Number 1205-0461 can be accessed at http://www.dol.gov/agencies/eta/grants/management and scroll down to the section on Financial Reporting. A separate ETA 9130 is submitted for each of the following: UI, PEUC, and PUA Administration, DUA, TRA/RTAA, and UI Projects (administration and benefits). See TEGL No. 02-16 for specific and clarifying instructions about the ETA 9130 https://wdr.doleta.gov/directives/corr_doc.cfm?DOCN=5156.
ETA 2112, UI Financial Transaction Summary (OMB No. 1205-0154) – A monthly summary of transactions, which account for all funds received in, passed through, or paid out of the state unemployment fund (ET Handbook 401).
2023-008 The Employment Security Department did not have adequate internal controls to ensure it submitted accurate monthly reports for the Unemployment Insurance program.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53;
UI-34748-20-55-A-53;
UI-35682-21-55-A-53;
UI-35977-21-60-A-53;
UI-37098-21-55-A-53;
UI-37256-22-55-A-53;
UI-37313-22-55-A-53;
UI-38013-22-60-A-53;
UI-38163-22-55-A-53;
UI-38511-22-55-A-53;
UI-38580-22-75-A-53;
UI-39303-23-55-A-53;
UI-39355-23-55-A-53;
UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-005
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and provides benefits under the Unemployment Compensation program to unemployed workers for periods of involuntary unemployment. It provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs.
The Employment Security Department administers the UI program. During fiscal year 2023, the Department paid more than $1.1 billion in unemployment insurance benefits to people in Washington.
The Unemployment Insurance Reports Handbook No. 401—published by the U.S. Department of Labor (DOL), Employment and Training Administration, Office of Unemployment Insurance – outlines the requirements for states to submit financial and performance reports to the federal government so it can evaluate their UI programs. The ETA 9055 – Appeals Case Aging – Lower and Higher Authority Appeals report (OMB No. 1205-0359) is submitted monthly, and it provides information on the inventory of lower and higher-authority single claimant appeals cases that have been filed in court but not yet decided. These reports provide the federal government with information about the number of days from the date an appeal was filed through the end of the month covered by the report, as well as the average and median age of the pending appeals cases. The Department prepares this report using data obtained through interagency data-sharing agreements with the Washington State Office of Administrative Hearings and the Washington State Administrative Office of the Courts.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure it submitted accurate monthly reports for the UI Program. The prior finding number was 2022-005.
Description of Condition
The Department did not have adequate internal controls to ensure it submitted accurate monthly reports for the UI program.
During fiscal year 2023, the Department was required to submit monthly ETA 9055 performance reports to DOL. The Department did not require or perform a secondary review of the reports before submitting them. A single Department employee manually prepared the information contained in the reports and submitted them to the federal grantor, and no one verified they were accurate and complete before submission.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
Although Department officials said they implemented a secondary review of the 9055 report in May 2023, management did not monitor the completion of these reports throughout the audit period to determine whether internal controls would be sufficient to detect and correct any potential data entry errors. In addition, management relied on staff knowledge and other agencies to provide accurate and complete information.
Effect of Condition
By not establishing adequate internal controls to ensure monthly performance reports are complete and accurate, the Department is at an increased risk of inaccurately reporting data to the federal grantor.
Recommendation
We recommend the Department implement internal controls to ensure it has an effective review process in place before submitting monthly reports to the federal grantor.
Department’s Response
The Department concurs with the finding and thanks the State Auditor’s Office for its work over this area.
The Department immediately implemented the secondary review of these reports in response to a prior year finding over this issue. However, the recommendation from the prior year and the Department’s implementation occurred after the new state fiscal year had begun. The Department expects the control to be in place and functioning for the entire year in our next audit.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of Labor, Employment and Training Administration, Office of Unemployment Insurance, Unemployment Insurance Reports Handbook No. 401, Section V: Benefits Time Lapse and Quality, states in part:
ETA 9055 – APPEALS CASE AGING
Section V-5
1. General Reporting Instructions
Appeals Case Aging measures require states to report data on the universe of all single claimant appeals cases that have not been decided prior to the end of the reporting period. Edit checks can be found in Handbook 402, Unemployment Insurance Required Reports User’s Manual, Appendix C.
4. Pending Lower Authority Single Claimant Appeals Case Aging.
I. Includes all lower authority single claimant appeals cases, including those remanded by the higher authority for a hearing and decision reopened appeals cases not decided at the end of the month.
5. Pending Higher Authority Single Claimant Appeals Case Aging.
a. Includes all higher authority single claimant appeals cases, including remanded and reopened appeals cases, not decided at the end of the month. An appeals case that has been remanded to the lower authority for additional evidence and will be returned to the higher authority for a decision is reported in this inventory. An appeals case that has been remanded to the lower authority for a new hearing and decision is not a pending higher authority appeals case and should not be counted as such.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, Compliance Supplement, Unemployment Insurance, states in part:
L. Reporting
2. Performance Reporting
States are required to submit periodic reporting to evaluate the performance of the states’ UI programs. The auditor should test the information included in the key reports included below that ensure the timeliness of benefits paid. Detailed information on these reports can be accessed under:
https://www.dol.gov/sites/dolgov/files/ETA/handbooks/2017/ETHand401_5th.pdf
2023-009 The Employment Security Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the Benefit Accuracy Measurement program of the Unemployment Insurance program in a timely manner.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53; UI-34748-20-55-A-53;
UI-35682-21-55-A-53; UI-35977-21-60-A-53;
UI-37098-21-55-A-53; UI-37256-22-55-A-53;
UI-37313-22-55-A-53; UI-38013-22-60-A-53;
UI-38163-22-55-A-53; UI-38511-22-55-A-53;
UI-38580-22-75-A-53; UI-39303-23-55-A-53;
UI-39355-23-55-A-53; UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: UI Benefits Payments
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-006
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and it provides benefits under the Unemployment Compensation program to unemployed workers for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs.
The Improper Payment Elimination and Recovery Act of 2010 requires state workforce agencies to maintain a quality control system. The Benefits Accuracy Measurement (BAM) program is the U.S. Department of Labor’s quality control system designed to assess the accuracy of unemployment insurance benefit payments and denied claims in separation status. The program estimates error rates and dollar amounts of benefits improperly paid or denied by projecting the results from investigations in a state.
The Employment Security Department administers the state’s UI program. During fiscal year 2023, the Department paid more than $1.1 billion in unemployment insurance benefits to people in Washington.
Under the BAM program, the Department is required to draw a weekly sample of payments and denied claims. The Department must complete this sampling promptly and conduct an in-depth investigation of the claims to determine the degree of accuracy in administering the state’s Unemployment Compensation program and compliance with federal law (20 CFR 602.21(d)). The Department has established a dedicated BAM unit to meet these requirements.
The Benefit Accuracy Measurement State Operations Handbook, which is published by the U.S. Department of Labor’s Employment and Training Administration, indicates the time frame and requirements for conducting BAM program case sampling for paid claims. States must complete reviews of:
• 70 percent of the sampled cases within 60 days of the week ending date of the batch; and
• 95 percent of the sampled cases within 90 days of the week ending date of the batch; and
• 98 percent of sampled cases within 120 days of the ending date of the annual report period.
In addition, states must sample denied claims and review:
• 60 percent of the sampled cases within 60 days of the week ending date of the batch; and
• 85 percent of the sampled cases within 90 days of the week ending date of the batch; and
• 98 percent of the sampled cases within 120 days of the end of the calendar year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported that the Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the BAM program of the UI program in a timely manner. The prior finding numbers were 2022-006, 2021-005 and 2020-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the BAM program of the UI program in a timely manner.
The Department did not effectively recruit, develop and retain staff to ensure it materially complied with the BAM program’s case review requirements.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not adequately staff its BAM unit with resources sufficient to meet BAM program requirements. Management did not allocate sufficient resources to the BAM unit, and did not effectively retain its investigative staff assigned to the BAM unit to support its minimum required caseload.
Effect of Condition
The Department did not comply with the federally required timelines for completing its case sampling. For paid claims, we found the Department:
• Failed to complete the minimum required annual allocation for sampling for paid claims. The Department completed 472 of the required 480 samples.
• Completed only 425 (90.4 percent) of its 472 sampled cases within 90 days of the week ending date of the batch, failing to meet the federal requirement of 95 percent
• Completed only 446 (94.5 percent) of its 472 sampled cases within 120 days of the ending date of the annual report period, failing to meet the federal requirement of 98 percent
We also found the Department failed to complete the minimum required annual allocation for sampling for denied claims. The Department completed 436 of the required 450 samples for the annual allocation.
By not complying with the federally required timelines for completing case sampling, the Department cannot fully evaluate the accuracy of its claim decisions and is less likely to detect fraudulent payments.
Recommendation
We recommend the Department allocate the necessary staffing resources to ensure it complies with the U.S. Department of Labor’s timelines for BAM case sampling.
Department’s Response
The Department concurs with the finding and recommendation and thanks the State Auditor’s Office for its work to ensure the Department meets case sampling requirements.
Historically, the Benefit Accuracy Measurement (BAM) unit has been challenged to maintain full levels of staffing. Staff turnover, long training requirements, and unique skill sets make these positions difficult to maintain. The Department continues to hire, develop, and retain staff to fully meet USDOL requirements.
The Department further continues to partner and frequently communicate with the U.S. Department of Labor (USDOL) Regional Offices to discuss staffing and training models. The Quality Assurance Manager and the Case Review Supervisor are committed to routinely monitoring caseload, workload, and the overall assurance of meeting the BAM operations performance goals and measures as set forth by USDOL.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 CFR Part 602, Quality Control in the Federal-State Unemployment Insurance System, section 21, Standard methods and procedures, establishes the requirements for states to conduct representative case sampling for quality control study of unemployment benefit claims, which state in part:
§602.21 Standard methods and procedures.
Each State shall:
a. Perform the requirements of this section in accordance with instructions issued by the Department, pursuant to 602.30(a) of this part, to ensure standardization of methods and procedures in a manner consistent with this part;
b. Select representative samples for QC study of at least a minimum size specified by the Department to ensure statistical validity (for benefit payments, a minimum of 400 cases of week paid per State per year);
c. Complete prompt and in-depth case investigations to determine the degree of accuracy and timeliness in the administration of the State UC law and Federal programs with respect to benefit determinations, benefit payments, and revenue collections; and conduct other measurements and studies necessary or appropriate for carrying out the purposes of this part;
d. Furnish information and reports to the Department, including weekly transmissions of case data entered into the automated QC system and annual reports, without, in any manner, identifying individuals to whom such data pertain;
The U.S. Department of Labor, Employment and Training Administration Benefit Accuracy Measurement State Operations Handbook – ET Handbook No. 395, 5th Edition, Chapter VI – Investigative Procedures, Section 13: Completion of Cases and Timely Data Entry, states in part:
The following time limits are established for completion of all cases for the year. (The “year” includes all batches of weeks ending in the calendar year.):
• A minimum of 70 percent of cases must be completed within 60 days of the week ending date of the batch, and 95 percent of cases must be completed within 90 days of the week ending date of the batch; and
• A minimum of 98 percent of cases for the year must be completed within 120 days of the week ending date of the calendar year.
ET Handbook No. 395, 5th Edition, Chapter VI – Investigative Procedures, Section 12: Sampling Selection, states in part:
The annual sample size for UI paid claims and the three types of denials are fixed by DOL for the calendar year. BAM supervisors may change the weekly sample sizes in the input control record to accommodate investigator vacation schedule or other staffing contingencies. However, state are expected to pull at least the minimum number of cases each week. States may not over sample during a portion of the year in order to meet the annual sample allocation and then suspend sampling for the remainder of the calendar year. The minimum weekly and quarterly samples, based on current annual sample allocations are:
*Allocation for ten smallest states in terms of UI workload.
** 150 cases each of monetary, separation, and non-separation denials will be selected each year, for a total of 450 DCA cases.
ET Handbook No. 395, 5th Edition, Chapter VIII – Denied Claims Accuracy (DCA), Section 7: Completion of DCA Cases and Timely Data Entry, states in part:
As in paid claims, prompt completion of investigations is important to ensure the integrity of the information being collected by questioning claimant and employers before the passage of time adversely affects recollections. However, due to the fact that contacting the claimant and obtaining claimant information is more difficult than in paid claims, the timeliness standards differ as the following indicates:
• A minimum of 60 percent of cases must be completed within 60 days of the week ending date of the batch, and 85 percent of cases must be completed within 90 days of the week ending date of the batch; and
• A minimum of 98 percent of cases for the year must be completed within 120 days of the ending date of the Calendar Year.
2023-010 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it profiled all claimants under the Unemployment Insurance program to identify people likely to need reemployment services and ensure staff providing those services received required training.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53;
UI-34748-20-55-A-53;
UI-35682-21-55-A-53;
UI-35977-21-60-A-53;
UI-37098-21-55-A-53;
UI-37256-22-55-A-53;
UI-37313-22-55-A-53;
UI-38013-22-60-A-53;
UI-38163-22-55-A-53;
UI-38511-22-55-A-53;
UI-38580-22-75-A-53;
UI-39303-23-55-A-53;
UI-39355-23-55-A-53;
UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – UI Reemployment Programs: Worker Profiling and Reemployment Services (WPRS) and Reemployment Services and Eligibility Assessments (RESEA)
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and it provides benefits under the Unemployment Compensation program to unemployed workers for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department administers the state’s UI program. During fiscal year 2023, the Department paid more than $1.1 billion in unemployment insurance benefits to people in Washington.
The Worker Profiling and Reemployment Services (WPRS) and Reemployment Services and Eligibility Assessments (RESEA) programs serve as the primary programs that facilitate the reemployment of UI claimants. RESEA is authorized by Section 306 of the Social Security Act, and it uses an evidence-based integrated approach that combines an assessment for continuing UI eligibility and the provision of reemployment services. The Department uses a RESEA program to satisfy the WPRS mandate in accordance with federal requirements, and its program design is documented in the RESEA State Plan approved by the U.S. Department of Labor.
According to the Department’s RESEA State Plan, the agency profiles unemployment claimants using a scoring model that is built into its Unemployment Tax and Benefit (UTAB) system to identify claimants who are likely to exhaust benefits and are in need of job search assistance to obtain new employment. The profiling model must statistically combine information on the person’s work industry, occupation, education level, county of residence, and other personal characteristics, including veteran and union status, and labor market characteristics to generate a numerical score indicating their likelihood of exhausting regular unemployment benefits before finding work. The claimants are to be ranked in a queue based on their individual score from most likely to least likely to exhaust benefits. On a weekly basis, the Department selects people from this queue for available appointments for reemployment evaluations. In July 2019, the Department implemented an online appointment scheduling system called the Reemployment Appointment Scheduler (RAS) to facilitate the appointment scheduling process for the Department’s WorkSource offices.
In June 2021, the Department deployed a pilot program proposed by the U.S. Department of Labor known as a randomized control trial (RCT), to randomly assign profile scores in lieu of using the risk profile model to profile all unemployment claimants. The objectives of the trial were to assess the impact of the RESEA program concerning duration of unemployment claims, earnings, and employment probability of claimants following the provision of RESEA services, and to assess whether the program improved the identification of claimant eligibility issues and improper payment detection. Under the RCT, the WPRS score used to rank claimants was replaced with a randomly generated score, after excluding the top 5 percent of people with the highest WPRS scores.
The Department’s UI staff oversee the RESEA program, which includes participating in the planning, administration and oversight of the program, providing appropriate training to staff conducting applicant eligibility reviews, completing individual reemployment plans, and providing information and access to career and reemployment services, including referrals to other services. All staff working within the RESEA program must, at a minimum, be trained in the programmatic requirements, state laws, rules, and agency policies once a year. Staff are required, by Department policy to take an intensive training before providing reemployment services to claimants, as well as take an annual refresher training once a year. Training includes information regarding job search requirements, reporting requirements, and UI eligibility assessments. In addition, all staff working with RESEA participants must be trained to detect and report potential issues to the UI claims center.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure the Department profiled all claimants under the UI program, to identify those likely to need reemployment services and ensure staff providing reemployment services received required training.
Identification for People Eligible for Reemployment Services
The Department did not adequately monitor its UTAB scoring model to ensure applicant risk profile scores were accurate to identify those claimants most likely to exhaust their unemployment benefits.
The Department is required to use a scoring model to profile all claimants to identify those likely to need reemployment services. During the audit period, the score calculated by the model was only applied for 5 percent of claimants with the highest score. A random score was assigned to the remaining 95 percent of claimants. The random score assignment did not provide adequate assurance that those people most likely to exhaust benefits were prioritized to receive reemployment services.
To determine a claimant’s profile score, the scoring model assigns 10 different coefficient rates associated with attributes that were determined by the Department to signify how likely a claimant will be to exhaust their unemployment benefits. The Department could not explain the methodology for determining an applicant’s profile score based on these 10 attributes, or how to independently recalculate the score.
The Department has not tested the calculation of the profile score to ensure it is functioning as intended and producing accurate results. In addition, management could not provide historical records to demonstrate the calculation had ever been tested since its first implementation. Therefore, the Department has no assurance that the calculation provides an accurate measurement of the risk a claimant will exhaust their benefits.
To test whether the UTAB system correctly determined and assigned coefficients based on the claimant attributes, we created four test scenarios containing specific attributes and the expected assigned coefficient value. The UTAB system did not assign the expected coefficient value for three of the 10 attributes. Department officials did not know how the system determined and assigned the coefficient value for these three attributes or why the value did not agree to the system reference tables. Therefore, we cannot conclude whether the assigned values for these three coefficients or the profile score assigned based on the coefficients are accurate.
In addition, management did not monitor to determine whether the RAS system had received all eligible claimants. There is a daily process to send eligible claimants to the RAS selection queue, but there were no internal controls in place to ensure that all files sent to RAS were received and processed. In addition, RAS does not have a working test environment to test whether the system effectively schedules claimants based on defined rules and requirements.
Employee Training
The Department uses a tracking report to monitor the status of completed training for each RESEA employee. However, the Department did not adequately monitor to ensure staff who administered RESEA services to clients took required training.
We used a statistical sampling method to randomly select and examine 55 out of a total population of 441 employees that Department officials said were available to provided RESEA services during fiscal year 2023. We examined records for all RESEA training courses completed by these employees and found that the Department did not have documentation evidencing that two employees (3.6 percent) completed annual RESEA training during the audit period. Both employees administered RESEA appointments to claimants during the audit period. We also found three employees (5.5 percent) were missing from the Department’s tracking report, and four additional employees completed a training course that was not listed on the report.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Identification for People Eligible for Reemployment Services
During the implementation of the RCT, the Department did not monitor the profiling and prioritization of claimants for RESEA participation to determine whether claimants prioritized for receiving RESEA services were the most likely to exhaust their unemployment benefits.
Department management asserted in writing that its UTAB risk scoring model was operating during the audit period to ensure claimants were profiled to determine those most likely to exhaust unemployment benefits and need reemployment services. However, after our Office tested the risk scoring model and identified system weaknesses, the Department informed us that the scoring model was not working as intended and disabled during the audit period.
Employee Training
The Department did not maintain historical records of employee training profiles. Instead, management retained only documents supporting the most recent training course completed by each employee. Additionally, management did not adequately maintain its tracking reports to ensure all completed training sessions were documented for each employee.
Effect of Condition
Identification for People Eligible for Reemployment Services
Without monitoring its automated scoring model for effectiveness, the Department cannot ensure that its systems select RESEA participants based on a valid risk profile and priority of need for reemployment services. By disabling the automated scoring model, the Department is not in compliance with provisions in the RESEA State Plan, and it cannot ensure that claimants selected for RESEA appointment services should have received consideration over higher-risk claimants who may be excluded in the RCT.
Employee Training
By not maintaining adequate training records for its employees, the Department cannot demonstrate that all RESEA staff have been properly trained on unemployment eligibility requirements in order to administer reemployment services to clients, as required in the RESEA State Plan.
Recommendations
We recommend the Department:
• Review the design of its UTAB calculation to determine an applicant’s risk profile score, and test the calculation of the score to determine whether the system is accurately identifying claimants most likely to exhaust benefits. This understanding and testing should ensure that coefficient values are correctly determined and assigned by the UTAB system.
• Reconcile the interface between the UTAB system and the scheduling system to ensure that all RESEA eligible claimants were received by the RAS scheduling system
• Consider implementing additional internal controls to ensure claimants are profiled and prioritized for reemployment services based on their risk of exhausting unemployment benefits, in accordance with federal requirements
• Establish adequate internal controls to ensure all employees receive required RESEA training before providing reemployment screening services to claimants
• Verify all staff administering RESEA services on behalf of the Department have completed required training before providing services to claimants
Department’s Response
The Department partially concurs with the finding.
UTAB Recommendations:
I. Review the design of its UTAB calculation to determine an applicant’s risk profile score, and test the calculation of the score to determine whether the system is accurately identifying claimants most likely to exhaust benefits. This understanding and testing should ensure that coefficient values are correctly determined and assigned by the UTAB system.
Department response:
The Department concurs with the recommendation. For clarification, the coefficient values are calculated outside of UTAB. The coefficients are then input into UTAB which then calculates the profile score. The Department will review processes to effectively validate profile scores based upon new coefficients.
II. Reconcile the interface between the UTAB system and the scheduling system to ensure that all RESEA eligible claimants were received by the RAS scheduling system.
Department response:
The Department partially concurs with the recommendation.
Regarding the recommendation, there is no interface between UTAB and RAS to reconcile. The UTAB system is capable of generating an “exit file” which indicates the profile score for all the applicants that have a work search requirement. This file is sent and input into the RAS scheduler which automatically assigns the applicant. The Department will review its processes to verify that the RAS properly sets appointments from the UTAB exit file.
b. Consider implementing additional internal controls to ensure claimants are profiled and prioritized for reemployment services based on their risk of exhausting unemployment benefits, in accordance with federal requirements.
Department Response:
The Department does not concur with this recommendation. In the Background section above, SAO stated “In June 2021, the Department deployed a pilot program proposed by the U.S. Department of Labor known as a randomized control trial (RCT), to randomly assign profile scores in lieu of using the risk profile model to profile all unemployment claimants.”
The pilot program was not implemented in lieu of the risk model, but concurrently as described above. In brief, all applicants are scored and provided both a risk scoring profile based on established standards, and a random score, as described in the pilot program. Based on the risk scoring model, the top scores are automatically selected for RESEA. The remainder of the applicants are assigned based on the random score. The use of the top scorers and the random scoring methodology allows for the Department to meet the both the standard requirements by RESEA and the pilot program.
Considering this, the Department believes it is compliant with both the risk based and random scoring profile requirements.
Training Recommendations:
• Establish adequate internal controls to ensure all employees receive required RESEA training before providing reemployment screening services to claimants.
Department Response:
The Department does not concur with the recommendation. In the Background stated above, SAO noted “All staff working within the RESEA program must, at a minimum, be trained in the programmatic requirements, state laws, rules, and agency policies once a year. Staff are required, by Department policy to take an intensive training before providing reemployment services to claimants, as well as take an annual refresher training once a year.”
For accuracy, staff are required by the US DOL as follows (UIPL 08-24) page 15: Required Engagement of UI Staff – UI staff must be engaged in the administration of the RESEA program. This includes, but is not limited to:
I. Participating in the planning, administration, and oversight of the RESEA program;
II. Providing all appropriate staff training on UC eligibility requirements;
III. Ensuring accurate data are provided in the RESEA-required reports; and
IV. Conducting eligibility determinations and redeterminations resulting from issues identified through RESEA participation.
The first day of RESEA Intensive Training is UI eligibility training which is designed and conducted by UICS Trainers. The Policy 4050-1 indicates that staff are required to have yearly training, but this is not specified by Policy definition and provides for the ad hoc and monthly trainings put on by programs. Additionally, there is no RESEA Department “policy” regarding training. The current program team fulfills the UIPL mandated UI Eligibility requirement through the required RESEA Intensive Training for all RESEA staff - as has been the process since 2020. The refresher trainings were implemented by programs to bring those trained, non-regular RESEA staff and local leaders up to date on changes, address in an effort to improve performance and reinforce staff confidence in their work. This is an internal process.
The Department does have controls in place to ensure all employees receive required RESEA training, an internal spreadsheet, updated by training staff which was provided to the auditors. The two exceptions of the 55 sampled were staff who completed RESEA Intensive Training prior to the fiscal year audited. USDOL requires only that RESEA staff be trained and RESEA Policy indicates that training can occur as needed and in any form (monthly program call, ad hoc office training, etc.). Formal training is completed every 6 weeks and ad hoc trainings are provided on a monthly basis at a minimum.
Therefore, the Department believes it meets the minimum standards as required by USDOL.
• Verify all staff administering RESEA services on behalf of the Department have completed required training before providing services to claimants.
Department Response:
The Department does not concur with the recommendation. The Cause of the Condition for the training requirements as noted by SAO is a determination that ESD did not maintain training records.
The exceptions noted in this area appear to be centered around two seasonal staff who were trained, though their training records were found outside the audit period. As stated in our response above, USDOL does not require yearly training. ESD implemented this programmatically in Fall of 2022. RESEA Policy 4050-1 indicates that staff should receive regular training, but intentionally does not specify the formality, format or content, allowing us to provide this in regular program calls and in ad hoc office trainings.
Specifically the policy states “(3.A): *Staff training requirement for RESEA services - Staff working in the RESEA program must, at a minimum, be trained in the program’s requirements, including state laws, rules, and agency policies related to job search, reporting requirements and UI eligibility assessments, prior to providing direct services to claimants and then receive annual refresher training thereafter. All staff working with RESEA participants must be trained to detect and report potential issues to the unemployment insurance claims centers.”
The RESEA lead trainer provided other documentation to the auditors - both from the LMS and our ESD’s own internal spreadsheets. Program records reflect the same information as LMS records but for the lone retiree (who showed up in our records but was archived from the LMS records). The two non-regular/seasonal staff who provided services in the audit period but did not have a record of that training in the audit period had previously completed required intensive training - which is more than the minimum required by USDOL.
Auditor’s Remarks
Identification for People Eligible for Reemployment Services
The Department could not explain how the calculation of a claimant’s profile score occurred in UTAB in order to demonstrate that the automated calculation is working as intended to ensure claimants who are most likely to exhaust their unemployment benefits and need reemployment services are correctly identified. By implementing the RCT instead of assessing each claimant’s risk of exhausting unemployment benefits, and rank-ordering each claimant for RESEA selection based on that risk, the Department’s claimant selection design does not ensure that it prioritizes selecting claimants more likely to exhaust their benefits over other claimants with a lower likelihood of exhausting their benefits. This approach does not meet the federal requirement to ensure those individuals likely to exhaust their unemployment benefits are prioritized for RESEA services.
Without monitoring to ensure all claimants determined eligible to receive RESEA services are transmitted to RAS, the Department cannot ensure that claimants selected to receive RESEA appointments represent those claimants who are most likely to exhaust their regular unemployment benefits and are most in-need of reemployment services. Additionally, by not reconciling claimants selected for appointments in RAS with claimants profiled in UTAB, the Department cannot reasonably ensure that all claimants eligible to receive RESEA services have been considered for appointment selection.
Employee Training
The Department’s policy 4050-1 stipulates that the annual refresher course is required to be completed by staff rendering RESEA services to claimants. Our testing focused on those individuals available to provide RESEA services to claimants during the audit period, and therefore we concluded that these individuals were required to receive an annual refresher training course during the audit period. The Department stated in its response that it implemented the programmatic annual refresher training requirement in Fall 2022, however Department policy 4050-1 became effective on October 15, 2020.
The Department did not accurately track employee training completed during the audit period using its internal monitoring spreadsheet. Without monitoring to ensure all training records have been accurately reflected in the spreadsheet, management cannot ensure that all staff providing RESEA services have completed required training programs and therefore does not have reasonable assurance of compliance with RESEA training requirements as outlined in the Department’s policy.
Furthermore, we disagree with the Department’s assertion that annual training is not required for all RESEA staff. Both the Policy 4050-1 and the RESEA State Plan state that staff providing direct services to claimants must receive annual refresher training from the Department in addition to initial training on program requirements, state laws, rules and agency policies.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 United States Code, Chapter 7 – Social Security, Subchapter III – Grants to States for Unemployment Compensation Administration, § 503 – State laws, states in part:
(j) Worker profiling
(1) The State agency charged with the administration of the State law shall establish and utilize a system of profiling all new claimants for regular compensation that –
(A) Identifies which claimants will be likely to exhaust regular compensation and will need job search assistance services to make a successful transition to new employment;
(B) Refers claimants identified pursuant to subparagraph (A) to reemployment services, such as job search assistance services; available under any State or Federal law;
Revised Code of Washington (RCW), Title 50, Unemployment Compensation, Section 50.20.011, Profiling system to identify individuals likely to exhaust benefits – Confidentiality of information – Penalty, states in part:
1. The commissioner shall establish and use a profiling system for new claimants for regular compensation under this title that identifies permanently separated workers who are likely to exhaust regular compensation and will need job search assistance services to make a successful transition to new employment. The profiling system shall use a combination of individual characteristics and labor market information to assign each individual a unique probability of benefit exhaustion. Individuals identified as likely to exhaust benefits shall be referred to reemployment services, such as job search assistance services, to the extent such services are available at public expense.
2. The profiling system shall include collection and review of follow-up information relating to the services received by individuals under this section and the employment outcomes for the individuals following receipt of the services. The information shall be used in making profiling identifications.
Washington State Employment Security Department, Wagner-Peyser Employment Service Policy 4050, Reemployment Services and Eligibility Assessments (RESEA) program, states in part:
3. Policy:
A. Staff Training requirements for RESEA Services
Staff working in the RESEA program must, at a minimum, be trained in the program’s requirements, including state laws, rules, and agency policies related to job search, reporting requirements and UI eligibility assessments, prior to providing direct services to claimants and then receive annual refresher training thereafter. All staff working with RESEA participants must be trained to detect and report potential issues to the unemployment insurance claims centers.
B. Claimant selection for RESEA services
RCW 50.20.11 states, in part, that a profiling system must be established to identify new permanently separated claimants most likely to exhaust regular UI benefits and that are in need of job search assistance services to make successful transitions to new employment. This system uses a combination of individual characteristics and labor market information to assign each individual a unique probability of benefit exhaustion known as the profile score. Claimants with a work search requirement will be given a profile score. Those still attached to an employer will not receive a profile score.
Based on ranked scoring, claimants are selected and added to an electronic list as eligible to receive RESEA services. Claimants identified as most likely to exhaust, or as UCX receive top priority.
Selection occurs between the second and fifth week of a valid claim. Claimants waiting on decisions or for their claims to become valid are not selected until they have valid claims and are eligible for benefits.
2023-012 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Washington State Department of Transportation’s Local Programs Office administers Highway Planning and Construction Program funding to local agencies throughout the state for highway construction projects. The Department spent about $603 million on highway projects during fiscal year 2023. Of that amount, it passed through about $331 million to local agencies through subawards for 378 new and existing projects across the state.
Pass-through entities are required to monitor the activities of their subrecipients to ensure they are properly using federal funds. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
For the subawards made during fiscal year 2023, Department management delegated the responsibility to complete risk assessments for individual projects to the Local Programs Engineers who were assigned to the regional office that oversees the project. When the Department prepares to monitor or review a subrecipient, it selects an open and active project and evaluates the subrecipient based on its performance under that project.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program.
We randomly selected and examined 55 of the 378 projects awarded funding during the audit period to determine if the Department performed a risk assessment of each project to determine the appropriate level of monitoring required for the subrecipient. We found the Department did not complete risk assessments for 17 of the 55 projects (30 percent). These risk assessments were signed and dated by Department staff after the audit period had ended. In addition, we found that 13 of the 17 assessments were not signed until after our Office requested them.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management did not ensure the Local Programs Engineers performed the risk assessments for each subrecipient project awarded program funds.
Effect of Condition
Not performing risk assessments makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the grant’s terms and conditions. Without verifying the Local Programs Engineers completed risk assessments for each awarded project, the Department cannot ensure it is performing risk assessments consistently and using the proper criteria to determine the appropriate amount of monitoring required for each subrecipient project.
Recommendations
We recommend the Department:
• Ensure it properly performs and documents the required risk assessments, which would allow management to evaluate the results and demonstrate compliance with federal requirements
• Improve its monitoring of regional Local Programs Engineers to ensure they complete risk assessments for each program-funded project
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Highway Planning and Construction program. WSDOT is committed to ensuring our programs comply with federal regulations.
Risks assessments for subrecipients in this FHWA grant program are the responsibility of WSDOT’s Regional Local Programs Engineers, located in the six WSDOT Regions. While every attempt is made to complete a risk assessment at each phase of a project, staff turnover contributed to the lack of consistency and timeliness in completing these assessments. To help ensure consistency, the Department has updated position descriptions for Local Programs Engineers to reflect this requirement.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, section 332, Requirements for pass-through entities, establishes requirements for pass-through entities to evaluate each subrecipients’ risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate level of subrecipient monitoring.
Title 2 CFR Part 200, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-013 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
20.205 COVID-19 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Wage Rate Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Washington State Department of Transportation receives federal funding under the Highway Planning and Construction Program for highway construction projects throughout the state. Some of these projects are awarded to contractors who perform the work on behalf of the Department. The Department spent about $706 million in federal Highway Planning and Construction program funds during fiscal year 2023. Of that amount, it spent more than $343 million on state-administered construction projects.
All laborers and mechanics employed by contractors or subcontractors to work on construction contracts exceeding $2,000 financed by federal assistance funds must be paid wages that are no less than those established for the locality of the project (prevailing wage rates) by the Department of Labor. All contractors and subcontractors are required to submit a copy of their payroll and a statement of compliance (certified payrolls) on a weekly basis, for each week in which any applicable contract work is performed. The Department’s construction projects typically involve both a prime contractor and subcontractors to complete work on the project.
The Department requires field inspectors to be onsite during construction work to ensure projects are completed in accordance with contract specifications. For every day of the week when contract work is performed, the inspector completes an Inspector Daily Report (IDR) and documents if there was any labor or mechanical work performed on that day. The IDRs are submitted to the Project Engineer, Project Manager, or Chief Inspector overseeing construction, who then reviews them to determine if any contractors must submit certified payrolls for that work week. Project Engineers are also required to document which contractors are required to submit certified payrolls each week by using a tracking report and maintaining it to identify all certified payrolls received from contractors and ensure they are documented and verified.
The Department publishes the Standard Specifications for Road, Bridge, and Municipal Construction (Standard Specifications), in addition to the Construction Manual (M.41-01.41), which applies to its construction contracts, and is approved by the U.S. Federal Highway Administration of the Department of Transportation. These specifications require contractors to submit certified payrolls to the Department on a weekly basis for each weekly payroll period. The Standard Specifications further stipulate that contractors must use the Washington State Department of Labor and Industries Prevailing Wage Intents and Affidavit System (PWIA) to submit weekly certified payrolls on federal projects. The Department’s Project Engineers are required to verify that contractor’s certified payrolls are submitted on a weekly basis in PWIA. If the contractor’s certifications are not submitted in a timely manner, the specifications allow the Department to withhold payment from contractors and enact other sanctions as necessary.
The Construction Manual also requires contractors to submit a Request to Sublet to gain authorization to use a subcontractor on a project.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the program.
We found that the Department’s internal controls were not adequate to ensure all contractors and subcontractors submitted certified payrolls on a weekly basis, as required by federal law and the Standard Specifications.
We used a statistical sampling method and randomly selected 58 out of a total 3,931 of weeks in which contract work was performed on federally funded construction projects, to determine whether the Department received certified payrolls from the prime contractor and all subcontractors performing work on the project on a weekly basis, as required by federal law. We identified all 58 weeks required a total of 245 certified payrolls to be submitted to the Department.
Collecting certified payrolls
The Department did not collect all certified payrolls from the prime contractor and subcontractors on a weekly basis for 48 of the 58 weeks we examined (83 percent). For 45 of those weeks, we determined the Project Engineer did not notify the contractor in PWIA to submit the required payrolls. The Department provided no documentation demonstrating it withheld payments from or imposed additional sanctions upon prime contractors with late or overdue certified payrolls.
Of the 245 total certified payrolls submitted, 153 (62 percent) were not submitted within seven days (or one week) of the payroll week ending date, as required. On average, these payrolls were 23 days late, and 25 payrolls were more than 30 days late. For each of the 48 weeks, between one and 13 certified payrolls were submitted late. The Department requested overdue payrolls from contractors for 13 of those weeks.
We also found 12 weeks where the Project Engineer failed to document that certified payrolls were due for contractors that later submitted them in PWIA.
Internal controls and review of certified payrolls
We found that five of the 58 (9 percent) selected weeks were for projects that did not have an approved Request to Sublet form for all subcontractors on the project, as required by Department policy.
We also found that for 57 weeks, the Project Engineer assigned to oversee the project did not document that all required certified payrolls were received from contractors, as required by Department policy.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management did not adequately monitor to ensure compliance with federal requirements. While the Department’s Construction Manual and Standard Specifications have documented policies and procedures in place for Project Engineers and regional offices to follow to track certified payrolls, follow-up on late submissions, and issue sanctions, Project Engineers did not consistently follow these policies in monitoring contractors for compliance.
In addition, the Department’s Construction Manual does not specify how Project Engineers must document certified payrolls due for construction projects, and management does not have a standardized form for Project Engineers to use for tracking certified payrolls. Management did not adequately monitor Project Engineers to ensure they followed the standards outlined in the Construction Manual.
Effect of Condition
When the Department does not collect all certified payrolls timely, it cannot ensure that laborers working on federally funded construction contracts are paid the applicable prevailing wages, as required by law.
In addition, by not collecting certified payrolls on a weekly basis, the Department is not in compliance with federal requirements, and may be subject to actions by the federal grantor.
Recommendations
We recommend the Department:
• Monitor project offices to ensure contractors are notified when they have not provided certified payrolls for a given week of contract work
• Improve internal controls to ensure project offices monitor the status of certified payrolls due from contractors on a weekly basis, contractors are made aware of delinquent payrolls, and consideration is given to assessing sanctions on noncompliant contractors in accordance with its Standard Specifications, such as withholding any or all payments, as necessary, when contractors do not submit required certified payrolls on a weekly basis
• Ensure certified payrolls are collected from prime contractors and all subcontractors on a weekly basis, in accordance with federal law and the Construction Manual
Department’s Response
The Washington State Department of Transportation appreciate the State Auditor’s Office (SAO) audit of the Federal Highway Administration’s (FHWA) Program. The Department is committed to ensuring our programs comply with federal regulations.
As WSDOT indicated in previous years for similar findings, the draft audit finding does not consider the nature of the contractual relationship between the contractor and WSDOT as the owner. The owner's compliance with the Davis-Bacon Act and regulations cited in the finding is determined by collective actions specified by regulations and not merely by how many payrolls are collected from the contractor within a 7-day window. WSDOT, in close consultation with the FHWA, has established contract administration processes with contingencies built in to address and correct for contractor noncompliance. In addition, WSDOT will not issue project Completion until all certified payrolls are collected (Standard Specifications 1-08.5.2, Time for Completion). FHWA guidance recommends actions to take if a contractor is habitually late in submitting payrolls but leaves it up to WSDOT to determine when sanctions should be imposed. WSDOT’s Standard Specifications (1-07.9(5)) on certified payrolls aligns with FHWA guidance. Sanctions are imposed as appropriate during the life of a contract.
In FHWA’s letter of April 25, 2019, in response to a similar finding for FY 2018, the grantor states “WSDOT’s process and policy concerning certified payrolls has been approved by FHWA through the approval of WSDOT’s Construction Manual and Standard Specifications. As part of FHWA’s approval FHWA agreed that these processes are reasonable and satisfy the intent of the Department of Labor’s certified payroll requirements, as FHWA understands them. FHWA believes that the procedures contain the necessary controls to ensure compliance with 29 CFR 5.5 and FHWA Davis-Bacon and Related Acts…”
In the July 6, 2020, response from FHWA on a similar finding for FY 2019, FHWA indicated “FHWA believes that WSDOT’s procedures contain the necessary controls to ensure reasonable compliance with 29 CFR 5.5 and FHWA Davis-Bacon and Related Acts Questions and Answers. FHWA considers this finding to be resolved.”
In this year’s audit, the State Auditor sampled 58 weeks and the required 245 certified payrolls for contract work performed on federally funded construction projects during that time period. WSDOT collected all of the required 245 certified payrolls. Of these payrolls 153 were received one or more days late, but of these only 28 were 30-days or more late and only 15 (6%) were 60-days or more late. This represents only 1 percent above the exception threshold typically allowed by the State Auditor. At 60-days, the Department has its first opportunity to initiate sanctions against the contractor. Of the 15 payrolls that were at least 60-days late, WSDOT deferred (withheld) 10 payments on 2 of the contracts. Sanctions prior to 60-days, are not feasible, as the contractors are paid monthly for the prior month’s work, and WSDOT has 30-days to process payments. The draft finding notes that for several weeks “the Project Engineers did not notify the contractor in PWIA to submit the required payrolls”, however, many notifications were provided via email for 5 of tested contracts, but these were not taken into account, as SAO indicated they did not use the “approved method.”
WSDOT is in the midst of delivering its largest and one of its most complex construction programs in our history, and is doing so with lower and less experienced staffing levels than it had to deliver past construction programs. We will continue to look for opportunities to improve our process as well as our documentation to demonstrate compliance with the Davis-Bacon Act requirements. In addition, we will continue consulting with FHWA for any further actions needed to resolve this finding.
Auditor’s Remarks
The U.S. Department of Labor establishes the Davis-Bacon Act and related requirements concerning federally-funded construction projects. Title 29 Code of Federal Regulations (CFR) Subpart A – Davis-Bacon and Related Acts Provisions and Procedures, Subsection 5.5, requires that the Department collect certified payrolls from its contractors. 5.5(a)(ii)(A) stipulates that contractors and/or subcontractors must submit payrolls weekly and for each week in which Davis-Bacon or Related Acts-covered work is performed. The Department enters into federal-aid construction contracts with its contractors and is therefore required to ensure compliance with these federal requirements for its projects.
Furthermore, the USDOL Wage and Hour Division’s Final Rule (effective October 23, 2023) concerning the Davis-Bacon and Related Acts Regulations, stipulates that “contractors and subcontractors are required to provide certified payrolls to the contracting agency to demonstrate their compliance with Davis-Bacon Act requirements on a weekly basis,” and that “the Department cannot allow contractors to pay required prevailing wages or submit certified payrolls on a basis less frequent than weekly.”
In its response, the Department states it has established contract administration processes with contingencies built in to address and correct for contractor noncompliance regarding missing and/or late certified weekly payrolls. However, the high rate of noncompliance identified in the audit indicates that these processes are not effective in ensuring that contractors submit the required certified payrolls weekly, as required by federal law and the Department's Construction Manual. Additionally, for each of the 48 weeks we identified in which contractors failed to submit certified payrolls timely, our Office requested from the Department evidence that it imposed sanctions upon the contractors, and the Department provided us with no such documentation.
The Department also states it is not feasible to impose sanctions upon contractors with habitually late payrolls before 60 days have passed from the week(s) of work ending due to its designed payment delivery method. Without ensuring its prime contractors have submitted certified payrolls for their employees and for all approved subcontractors performing work under the contract, the Department cannot ensure the contractor has paid prevailing wages to all laborers and mechanics, and that laborers have been paid on a weekly basis, as required by federal law. Additionally, the Department electing to pay its contractors up to 30 days after construction work has been performed is not effective to prevent contractor noncompliance with submitting certified payrolls on a weekly basis, as required.
The Construction Manual, Section 1-07.9(5) Required Documents, states that certified payroll must be submitted to the Project Engineer through PWIA for each contractor, subcontractor, and each lower tier subcontractor performing work on the project, and that the PWIA system will be used to track requests made for missing certified payrolls. Therefore, we noted in our audit finding the instances when the Department’s Project Engineers failed to request overdue certified payrolls from contractors in PWIA, as that is the official system of record required to be used by the Department.
We reaffirm our audit finding and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 29 CFR Part 5, Labor Standards Provisions Applicable to Contract Covering Federally Financed and Assisted Constructed (Also Labor Standards Provisions Applicable to Nonconstruction Contracts Subject to the Contract Work Hours and Safety Standard Act), section 5, Contract provisions and related matters, establishes the requirements for including prevailing wage clauses in federal-aid contracts, payment withholding, and required documents.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Federal Highway Administration Davis-Bacon and Related Acts Questions and Answers, section 56, states that contracting agencies are responsible for properly applying and enforcing prevailing wage requirements in covered contracts including:
a) Verifying that covered contracts have incorporated the required Davis-Bacon clauses and the applicable wage determination(s);
b) Verifying that the Davis-Bacon notice and the applicable wage determination(s) are displayed at the site of the work in a conspicuous location in clear view of everyone;
c) Reviewing certified payrolls in a timely manner;
d) Conducting employee interviews;
e) Conducting reviews and investigations of covered contracts in conjunction with FHWA as appropriate;
f) Forwarding refusal to pay and/or debarment consideration cases to the USDOL Wage and Hour Division for appropriate action; and
g) Submitting enforcement reports and semi-annual enforcement reports to the USDOL Wage and Hour Division.
The Washington State Department of Transportation’s Construction Manual M41-01.41, December 2022 edition, section 1-07.9, Wages, states in part:
Federal Prevailing Wage
Enforcement of Federal Prevailing Wage Provisions
In addition to the requirements of Standard Specifications Section 1-07.9, all Contracts financed with Federal funding includes the Required Contract Provisions for Federal-Aid Construction Contracts (FHWA-1273). These provisions identify Federal wage requirements. The Federal prevailing wage requirements included in these provisions are also commonly referred to as Davis Bacon and Related Acts (DBRA). It is the Project Engineer’s responsibility to monitor and enforce these provisions to the degree necessary to ensure full compliance. In order to comply with these requirements, the Contractor must:
Submit weekly certified payrolls to the Project Engineer through LNI’s Prevailing Wage Intents and Affidavits (PWIA) system.
Ensure each Subcontractor, and each agent or lower-tier subcontractor submits weekly certified payrolls to the Project Engineer through PWIA.
SS1-07.9(5) Required Documents
Statement of Intent
Every Contractor, Subcontractor, agent, or lower tier subcontractor performing work on a public works contract must submit a Statement of Intent to Pay Prevailing Wages to LNI for approval. Separate Intents are required for each Request to Sublet submitted on the project. Hiring Contractors are required to file an Intent if they hire a lower tier subcontractor subject to prevailing wages.
Certified payroll must be submitted to the Project Engineer through PWIA for each Contractor, Subcontractor, and each lower tier subcontractor performing work on the project, regardless of funding source or delivery method. Certified payrolls are required from the time each Firm begins performing Contract work until the time the Affidavit is visible in PWIA, or until the Contractor has identified their last certified payroll has been submitted.
A tracking sheet is required to document when Project Office staff verify that certified payrolls are received through PWIA. The frequency of verification depends on the funding source of the project. Weekly verification is required for federally funded projects, while monthly verification is required for state funded contracts. The tracking sheet needs to indicate that all active Contracts have been checked for late or missing certified payrolls. PWIA will be used to track requests made for missing certified payrolls. A separate tracking sheet may be used to track which certified payrolls have been verified for each project.
Federally funded projects require weekly submittals. Further review of the payroll will be required to ensure the Federal prevailed wage rate is met using the Wage Determination included in the Contract Special Provisions.
Federally funded Contracts:
• Weekly submittals
• No leniency on late submittals
• Required for every week, whether work was performed or not
• Enforcement of all Federal requirements will remain WSDOT responsibility
Federally funded projects require weekly submittal of certified payrolls. If the Contractor is unable to submit their payroll electronically using PWIA, they must submit the certified payrolls directly to the Project Office.
Non-compliance or non-submittal could result in the Project Engineer withholding an appropriate portion of payment (see Section SS 1-09.9).
The Washington State Department of Transportation’s Construction Manual M41-01.41, December 2022 edition, section 1-09, Measurement and Payment, subsection 9, Payments, states in part:
Withholding of Payments
Withholding payments for the work the Contractor has performed and completed in accordance with the contract should not be done casually. There must be clear contract language supporting the action. The authority to withhold progress payments is subdelegated to the Regions. Further delegation to the Project Engineers is at the discretion of each Region.
Delinquent Contractor Submittals
Missing submittals is a principal source of delays in closing out the project and processing the final estimate. As the project proceeds toward completion, the Project Engineer and the Contractor should attempt to obtain all submittals as the need arises. These might include such things as materials certificates, certified payrolls, extension of time requests, or any other item or document that delay processing the final estimate.
2023-014 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with quality assurance program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed testing for projects funded by the Highway Planning and Construction Cluster.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction Program
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Quality Assurance Program
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-011
Background
The Washington State Department of Transportation receives federal funding under the Highway Planning and Construction Program for highway construction projects throughout the state. Some of these projects are awarded to contractors who perform the work on behalf of the Department. The Department spent about $706 million in federal Highway Planning and Construction program funds during fiscal year 2023. Of that amount, it spent more than $343 million on state-administered construction projects.
Federal regulations require that the Department have a quality assurance (QA) program, approved by the Federal Highway Administration (FHWA), for construction projects on the National Highway System to ensure that materials and workmanship conform to approved plans and specifications. Verification sampling must be performed by qualified testing personnel employed by the Department or its designated agent, excluding the contractor.
The Department’s QA program requirements are outlined in the Construction Manual, which is approved by the FHWA. This manual documents how materials are tested for acceptance before being incorporated into construction projects. Materials can be accepted in various ways, such as sample testing, a visual inspection documented by the Field Note Record or Inspector’s Daily Report, or a certification of compliance from the manufacturer. If a materials test is required, the Department must ensure that only qualified people perform the testing, including independent testers, consultants or certified Department employees.
To ensure that materials incorporated into a project meet approved plans and specifications, the Department prepares a list of prescribed materials to be used on the project. The Department uploads this list to a program called the Record of Materials (ROM). The ROM sets forth the materials and quantities that are expected to be used on the project, and it documents the proper acceptance criteria, including any test(s) personnel are required to perform on a material. Once created, Project Engineers responsible for managing the construction project update the ROM to indicate the type and quantity of materials incorporated into the project so management can ensure the materials test(s) that are required for acceptance have occurred.
To ensure that only qualified people perform the testing, testers must pass a certification exam, which consists of a written and performance exam. After passing both, the testers are entered into the Qualified Tester Database and are certified for five years, after which they must recertify by passing both exams again. There are two different types of tester qualifications: module and method. Module testers are proficient in multiple method tests that can encompass all method tests for a particular material, whereas method testers may only be proficient in particular tests for any given material.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with QA program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed materials testing for projects funded by the Highway Planning and Construction Cluster. The prior finding numbers were 2022-011, 2021-011, 2020-017 and 2019-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with QA program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed testing for projects funded by the Highway Planning and Construction Cluster.
We used a statistically valid sampling method to randomly select 58 out of 1,991 materials that were used on federally funded projects during state fiscal year 2023.
Materials acceptance testing did not conform to Standard Specifications and the Construction Manual
For the 58 randomly selected materials, we requested supporting documentation for acceptance and/or testing of the material. We found:
• Three materials (5 percent) where testing did not occur, or the Department was unable to provide documentation justifying the item did not require testing.
• Two additional materials (3 percent) where the Department did not provide adequate supporting documentation to demonstrate the materials we selected were properly tested, according to the Standard Specifications. One of these materials did not meet the minimum acceptance criteria outlined in the Standard Specifications, and the Department paid the contractor for the material used on the project.
Testing personnel were not properly certified
We reviewed documentation to verify whether the testers performing sampling activities for the Department had all required documents to support their certification. We found:
• Four instances (7 percent) where the tester was missing a required exam for certification
• Three instances (5 percent) where the Department was unable to provide documentation to support that the tester met certification requirements. All three instances correspond to materials for which the Department could produce no records demonstrating the items were tested for acceptance.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Materials acceptance testing did not conform to Standard Specifications and the Construction Manual
Management did not adequately monitor project offices to ensure required materials testing and acceptance occurred in accordance with the Construction Manual.
Testing personnel were not properly certified
Project Engineers did not ensure tester qualifications were current, and management did not ensure that only qualified testers performed materials testing and acceptance on behalf of the Department.
Effect of Condition
By not adequately monitoring project materials to ensure they conform to approved plans and specifications, the Department does not have reasonable assurance that materials incorporated into projects conform to standard specifications and the Construction Manual.
By not properly verifying and documenting the testers’ qualifications, the Department risks improper materials testing. This could result in the Department using materials that may not conform to approved plans and specifications.
Recommendations
We recommend the Department:
• Improve internal controls, and monitor project offices, to ensure that required sampling activities occur, as required, and permanently incorporated materials conform to standard specifications for all federal aid construction projects
• Strengthen internal controls to ensure testers have completed all required exams—and that they have proper documentation of passing these exams—before performing sampling activities
Continue to review all testers to ensure they meet the minimum requirements for certification
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office (SAO) audit of the Federal Highway Program and the federally required Quality Assurance (QA) program. The Department is committed to ensuring our programs continue to comply with federal regulations and recognizes that there are always opportunities for improvement to its QA program.
The Department is working towards replacement of its ROM legacy system; therefore, it was not practical to modify this system to help correct issues reported in a similar finding in the FY 2022 Single Audit. Instead, the Department eliminated its practice requiring updates to the ROM within 30 days of payment and instead relies on the required documentation, as evidence of proper material acceptance. These changes were made during FY2023, which did not allow time to be fully reflected in the current year’s audit. In addition, in January 2023 WSDOT modified its practice related to how tester data is reviewed and entered into the tester certification tracking system, as a result of audit recommendations from the FY 2022 audit. All offices now funnel tester data to the Headquarters Quality Assurance Program for review and entry. These changes to practices were communicated to appropriate staff and are reflected in the Construction Manual, which was reviewed and approved by FHWA.
Materials Acceptance
The construction contracts awarded in FY23 utilizing federal funding contained more than 4,700 materials, with approximately 1,100 of them requiring testing. The State Auditor tested 58 materials of the approximately 1,100 requiring testing; however, through our review the Department found only 4 materials (6.8%) where we could not provide documentation to support that testing occurred or was not required.
Testing Personnel Certifications
The State Auditor reviewed documentation for whether the testers performing materials sampling activities for the Department had all required documents to support their certification and took exception to documentation provided. The Department did not provide certification documents for 2 of the testers responsible for 4 of the materials tests included in the audit.
The Department has worked closely with the Federal Highway Administration (FHWA) on our QA program and continues to receive feedback from them on the strength of our program. The Department will continue to put improvements in place for the QA program based on the SAO audit recommendations. These issues were discussed at the 2024 Material Assurance Training offered 3/20/2024, and we will continue to deliver other training to Project Engineering Offices to emphasize QA program requirements throughout the year.
Auditor’s Remarks
We thank the Department for its cooperation and assistance during the audit.
We maintain that there are five materials out of 58 (8.6 percent) examined during the audit that did not have adequate supporting documentation to demonstrate the materials met the minimum acceptance criteria according to the Department’s Construction Manual. We used a statistical sampling methodology for this test and therefore expect the error rate of 8.6 percent to be representative of the entire population of 1,100 materials.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 23 U.S. Code of Federal Regulations (CFR) Part 637, Construction Inspection and Approval establishes the following applicable requirements:
Section 637.201 Purpose
To prescribe policies, procedures, and guidelines to assure the quality of materials and construction in all Federal-aid highway projects on the National Highway System.
Section 637.205 Policy
a) Quality assurance program. Each STD shall develop a quality assurance program which will assure that the materials and workmanship incorporated into each Federal-aid highway construction project on the NHS are in conformity with the requirements of the approved plans and specifications, including approved changes. The program must meet criteria in (Section 637.207) and be approved by the FHWA.
b) STD capabilities. The STD shall maintain an adequate, qualified staff to administer the quality assurance program. The State shall also maintain a central laboratory. The State’s central laboratory shall meet requirements in (Section 637.209(a)(2)).
c) Verification sampling and testing. The verification sampling and testing are to be performed by qualified testing personnel employed by the STD or its designated agent, excluding the contractor and vendor.
d) Random samples. All samples used for quality control and verification sampling and testing shall be random samples.
Section 637.207 Quality assurance program
a. Each STD’s quality assurance program shall provide for an acceptance program and an independent assurance (IA) program consisting of the following:
1. Acceptance program.
i. Each STD’s acceptance program shall consist of the following:
A. Frequency guide schedules for verification sampling and testing which will give general guidance to personnel responsible for the program and allow adaptation to specific project conditions and needs.
B. Identification of the specific location in the construction or production operation at which verification sampling and testing is to be accomplished.
C. Identification of the specific attributes to be inspected which reflect the quality of the finished product.
ii. Quality control sampling and testing results may be used as part of the acceptance decision provided that:
A. Frequency guide schedules for verification sampling and testing which will give general guidance to personnel responsible for the program and allow adaptation to specific project conditions and needs.
B. Identification of the specific location in the construction or production operation at which verification sampling and testing is to be accomplished.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Department of Transportation’s Construction Manual (M41-01), Chapter 9: Materials, states in part:
9-1 General
The quality of materials used on the project will be evaluated and accepted in various ways, whether by testing of samples, visual inspection, or certification of compliance. This chapter details the manner in which these materials can be accepted. Requirements for materials are described in Standard Specifications for Road, Bridge, and Municipal Construction M 41-10 Section 1-06 and Division 9.
It is the Project Engineer’s responsibility to accept materials in accordance with this chapter. For materials tests that do not meet specification requirements, the Project Engineer shall contact the State Construction Office which will coordinate with the State Materials Engineer or Assistant State Materials Engineer to determine the appropriate action.
9-1.2C Record of Materials
The Record of Materials (ROM) is used to track material type, make/model, approval, acceptance, field verification documentation, Certificate of Materials Origin, and other materials documentation.
The Project Office utilizes the ROM program to track all permanently incorporated materials that are placed in on the Contract. Temporary materials are also tracked in the ROM when the contract documents contain temporary material requirements. The Project Engineer is responsible for the accuracy of the ROM, other documentation methods used, and Certification of Materials. Acceptance requirements shown in the ROM can be modified by referencing the properly submitted QPL page or the approved Request for Approval of Materials. Reviewing the contract plans and provisions may identify additional materials documentation requirements as well as construction items that shall be added to the ROM and tracked for completion throughout the course of the project work.
In order to ensure clarity upon completion of the work and to allow for easy certification of the project by both the Project Engineer and the Region, the ROM needs to be maintained throughout the course of the project. “Maintained” and “maintain” means the ROM is updated to reflect materials placed within 30 calendar days of the material payment. This includes material type, make/model, approval, acceptance, field verification documentation, Certificate of Materials Origin and other materials documentation. For materials used in the Contract, the Project Office is required to maintain the Status Work Completed (WC)/Documentation Complete (DC) / Not Used (NU) fields in the ROM.
The Project Office is required to maintain quantities paid, quantities placed, quantities field verified for materials that have sampling frequencies, WSDOT Fabrications Inspection items, where the Acceptance Criteria requires quantities such as Manufacturer Certificate of Compliance, or when quantities are noted in the initial materials and acceptance criteria. 9-5.3 WAQTC Testing Technician Qualification Program
The Region Independent Assurance Inspectors are responsible for maintaining the Tester Qualification database information for their Region WAQTC Testers as well as maintaining the WAQTC internal certifications and records (physical and digital).
9-5.4 Method Qualified Tester Program
The Region Independent Assurance Inspectors are responsible for maintaining the Tester Qualification database information for their Region Method Testers as well as maintaining the Method internal certifications and records (physical and digital).
2023-012 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Washington State Department of Transportation’s Local Programs Office administers Highway Planning and Construction Program funding to local agencies throughout the state for highway construction projects. The Department spent about $603 million on highway projects during fiscal year 2023. Of that amount, it passed through about $331 million to local agencies through subawards for 378 new and existing projects across the state.
Pass-through entities are required to monitor the activities of their subrecipients to ensure they are properly using federal funds. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
For the subawards made during fiscal year 2023, Department management delegated the responsibility to complete risk assessments for individual projects to the Local Programs Engineers who were assigned to the regional office that oversees the project. When the Department prepares to monitor or review a subrecipient, it selects an open and active project and evaluates the subrecipient based on its performance under that project.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program.
We randomly selected and examined 55 of the 378 projects awarded funding during the audit period to determine if the Department performed a risk assessment of each project to determine the appropriate level of monitoring required for the subrecipient. We found the Department did not complete risk assessments for 17 of the 55 projects (30 percent). These risk assessments were signed and dated by Department staff after the audit period had ended. In addition, we found that 13 of the 17 assessments were not signed until after our Office requested them.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management did not ensure the Local Programs Engineers performed the risk assessments for each subrecipient project awarded program funds.
Effect of Condition
Not performing risk assessments makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the grant’s terms and conditions. Without verifying the Local Programs Engineers completed risk assessments for each awarded project, the Department cannot ensure it is performing risk assessments consistently and using the proper criteria to determine the appropriate amount of monitoring required for each subrecipient project.
Recommendations
We recommend the Department:
• Ensure it properly performs and documents the required risk assessments, which would allow management to evaluate the results and demonstrate compliance with federal requirements
• Improve its monitoring of regional Local Programs Engineers to ensure they complete risk assessments for each program-funded project
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Highway Planning and Construction program. WSDOT is committed to ensuring our programs comply with federal regulations.
Risks assessments for subrecipients in this FHWA grant program are the responsibility of WSDOT’s Regional Local Programs Engineers, located in the six WSDOT Regions. While every attempt is made to complete a risk assessment at each phase of a project, staff turnover contributed to the lack of consistency and timeliness in completing these assessments. To help ensure consistency, the Department has updated position descriptions for Local Programs Engineers to reflect this requirement.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, section 332, Requirements for pass-through entities, establishes requirements for pass-through entities to evaluate each subrecipients’ risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate level of subrecipient monitoring.
Title 2 CFR Part 200, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-013 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
20.205 COVID-19 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Wage Rate Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Washington State Department of Transportation receives federal funding under the Highway Planning and Construction Program for highway construction projects throughout the state. Some of these projects are awarded to contractors who perform the work on behalf of the Department. The Department spent about $706 million in federal Highway Planning and Construction program funds during fiscal year 2023. Of that amount, it spent more than $343 million on state-administered construction projects.
All laborers and mechanics employed by contractors or subcontractors to work on construction contracts exceeding $2,000 financed by federal assistance funds must be paid wages that are no less than those established for the locality of the project (prevailing wage rates) by the Department of Labor. All contractors and subcontractors are required to submit a copy of their payroll and a statement of compliance (certified payrolls) on a weekly basis, for each week in which any applicable contract work is performed. The Department’s construction projects typically involve both a prime contractor and subcontractors to complete work on the project.
The Department requires field inspectors to be onsite during construction work to ensure projects are completed in accordance with contract specifications. For every day of the week when contract work is performed, the inspector completes an Inspector Daily Report (IDR) and documents if there was any labor or mechanical work performed on that day. The IDRs are submitted to the Project Engineer, Project Manager, or Chief Inspector overseeing construction, who then reviews them to determine if any contractors must submit certified payrolls for that work week. Project Engineers are also required to document which contractors are required to submit certified payrolls each week by using a tracking report and maintaining it to identify all certified payrolls received from contractors and ensure they are documented and verified.
The Department publishes the Standard Specifications for Road, Bridge, and Municipal Construction (Standard Specifications), in addition to the Construction Manual (M.41-01.41), which applies to its construction contracts, and is approved by the U.S. Federal Highway Administration of the Department of Transportation. These specifications require contractors to submit certified payrolls to the Department on a weekly basis for each weekly payroll period. The Standard Specifications further stipulate that contractors must use the Washington State Department of Labor and Industries Prevailing Wage Intents and Affidavit System (PWIA) to submit weekly certified payrolls on federal projects. The Department’s Project Engineers are required to verify that contractor’s certified payrolls are submitted on a weekly basis in PWIA. If the contractor’s certifications are not submitted in a timely manner, the specifications allow the Department to withhold payment from contractors and enact other sanctions as necessary.
The Construction Manual also requires contractors to submit a Request to Sublet to gain authorization to use a subcontractor on a project.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the program.
We found that the Department’s internal controls were not adequate to ensure all contractors and subcontractors submitted certified payrolls on a weekly basis, as required by federal law and the Standard Specifications.
We used a statistical sampling method and randomly selected 58 out of a total 3,931 of weeks in which contract work was performed on federally funded construction projects, to determine whether the Department received certified payrolls from the prime contractor and all subcontractors performing work on the project on a weekly basis, as required by federal law. We identified all 58 weeks required a total of 245 certified payrolls to be submitted to the Department.
Collecting certified payrolls
The Department did not collect all certified payrolls from the prime contractor and subcontractors on a weekly basis for 48 of the 58 weeks we examined (83 percent). For 45 of those weeks, we determined the Project Engineer did not notify the contractor in PWIA to submit the required payrolls. The Department provided no documentation demonstrating it withheld payments from or imposed additional sanctions upon prime contractors with late or overdue certified payrolls.
Of the 245 total certified payrolls submitted, 153 (62 percent) were not submitted within seven days (or one week) of the payroll week ending date, as required. On average, these payrolls were 23 days late, and 25 payrolls were more than 30 days late. For each of the 48 weeks, between one and 13 certified payrolls were submitted late. The Department requested overdue payrolls from contractors for 13 of those weeks.
We also found 12 weeks where the Project Engineer failed to document that certified payrolls were due for contractors that later submitted them in PWIA.
Internal controls and review of certified payrolls
We found that five of the 58 (9 percent) selected weeks were for projects that did not have an approved Request to Sublet form for all subcontractors on the project, as required by Department policy.
We also found that for 57 weeks, the Project Engineer assigned to oversee the project did not document that all required certified payrolls were received from contractors, as required by Department policy.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management did not adequately monitor to ensure compliance with federal requirements. While the Department’s Construction Manual and Standard Specifications have documented policies and procedures in place for Project Engineers and regional offices to follow to track certified payrolls, follow-up on late submissions, and issue sanctions, Project Engineers did not consistently follow these policies in monitoring contractors for compliance.
In addition, the Department’s Construction Manual does not specify how Project Engineers must document certified payrolls due for construction projects, and management does not have a standardized form for Project Engineers to use for tracking certified payrolls. Management did not adequately monitor Project Engineers to ensure they followed the standards outlined in the Construction Manual.
Effect of Condition
When the Department does not collect all certified payrolls timely, it cannot ensure that laborers working on federally funded construction contracts are paid the applicable prevailing wages, as required by law.
In addition, by not collecting certified payrolls on a weekly basis, the Department is not in compliance with federal requirements, and may be subject to actions by the federal grantor.
Recommendations
We recommend the Department:
• Monitor project offices to ensure contractors are notified when they have not provided certified payrolls for a given week of contract work
• Improve internal controls to ensure project offices monitor the status of certified payrolls due from contractors on a weekly basis, contractors are made aware of delinquent payrolls, and consideration is given to assessing sanctions on noncompliant contractors in accordance with its Standard Specifications, such as withholding any or all payments, as necessary, when contractors do not submit required certified payrolls on a weekly basis
• Ensure certified payrolls are collected from prime contractors and all subcontractors on a weekly basis, in accordance with federal law and the Construction Manual
Department’s Response
The Washington State Department of Transportation appreciate the State Auditor’s Office (SAO) audit of the Federal Highway Administration’s (FHWA) Program. The Department is committed to ensuring our programs comply with federal regulations.
As WSDOT indicated in previous years for similar findings, the draft audit finding does not consider the nature of the contractual relationship between the contractor and WSDOT as the owner. The owner's compliance with the Davis-Bacon Act and regulations cited in the finding is determined by collective actions specified by regulations and not merely by how many payrolls are collected from the contractor within a 7-day window. WSDOT, in close consultation with the FHWA, has established contract administration processes with contingencies built in to address and correct for contractor noncompliance. In addition, WSDOT will not issue project Completion until all certified payrolls are collected (Standard Specifications 1-08.5.2, Time for Completion). FHWA guidance recommends actions to take if a contractor is habitually late in submitting payrolls but leaves it up to WSDOT to determine when sanctions should be imposed. WSDOT’s Standard Specifications (1-07.9(5)) on certified payrolls aligns with FHWA guidance. Sanctions are imposed as appropriate during the life of a contract.
In FHWA’s letter of April 25, 2019, in response to a similar finding for FY 2018, the grantor states “WSDOT’s process and policy concerning certified payrolls has been approved by FHWA through the approval of WSDOT’s Construction Manual and Standard Specifications. As part of FHWA’s approval FHWA agreed that these processes are reasonable and satisfy the intent of the Department of Labor’s certified payroll requirements, as FHWA understands them. FHWA believes that the procedures contain the necessary controls to ensure compliance with 29 CFR 5.5 and FHWA Davis-Bacon and Related Acts…”
In the July 6, 2020, response from FHWA on a similar finding for FY 2019, FHWA indicated “FHWA believes that WSDOT’s procedures contain the necessary controls to ensure reasonable compliance with 29 CFR 5.5 and FHWA Davis-Bacon and Related Acts Questions and Answers. FHWA considers this finding to be resolved.”
In this year’s audit, the State Auditor sampled 58 weeks and the required 245 certified payrolls for contract work performed on federally funded construction projects during that time period. WSDOT collected all of the required 245 certified payrolls. Of these payrolls 153 were received one or more days late, but of these only 28 were 30-days or more late and only 15 (6%) were 60-days or more late. This represents only 1 percent above the exception threshold typically allowed by the State Auditor. At 60-days, the Department has its first opportunity to initiate sanctions against the contractor. Of the 15 payrolls that were at least 60-days late, WSDOT deferred (withheld) 10 payments on 2 of the contracts. Sanctions prior to 60-days, are not feasible, as the contractors are paid monthly for the prior month’s work, and WSDOT has 30-days to process payments. The draft finding notes that for several weeks “the Project Engineers did not notify the contractor in PWIA to submit the required payrolls”, however, many notifications were provided via email for 5 of tested contracts, but these were not taken into account, as SAO indicated they did not use the “approved method.”
WSDOT is in the midst of delivering its largest and one of its most complex construction programs in our history, and is doing so with lower and less experienced staffing levels than it had to deliver past construction programs. We will continue to look for opportunities to improve our process as well as our documentation to demonstrate compliance with the Davis-Bacon Act requirements. In addition, we will continue consulting with FHWA for any further actions needed to resolve this finding.
Auditor’s Remarks
The U.S. Department of Labor establishes the Davis-Bacon Act and related requirements concerning federally-funded construction projects. Title 29 Code of Federal Regulations (CFR) Subpart A – Davis-Bacon and Related Acts Provisions and Procedures, Subsection 5.5, requires that the Department collect certified payrolls from its contractors. 5.5(a)(ii)(A) stipulates that contractors and/or subcontractors must submit payrolls weekly and for each week in which Davis-Bacon or Related Acts-covered work is performed. The Department enters into federal-aid construction contracts with its contractors and is therefore required to ensure compliance with these federal requirements for its projects.
Furthermore, the USDOL Wage and Hour Division’s Final Rule (effective October 23, 2023) concerning the Davis-Bacon and Related Acts Regulations, stipulates that “contractors and subcontractors are required to provide certified payrolls to the contracting agency to demonstrate their compliance with Davis-Bacon Act requirements on a weekly basis,” and that “the Department cannot allow contractors to pay required prevailing wages or submit certified payrolls on a basis less frequent than weekly.”
In its response, the Department states it has established contract administration processes with contingencies built in to address and correct for contractor noncompliance regarding missing and/or late certified weekly payrolls. However, the high rate of noncompliance identified in the audit indicates that these processes are not effective in ensuring that contractors submit the required certified payrolls weekly, as required by federal law and the Department's Construction Manual. Additionally, for each of the 48 weeks we identified in which contractors failed to submit certified payrolls timely, our Office requested from the Department evidence that it imposed sanctions upon the contractors, and the Department provided us with no such documentation.
The Department also states it is not feasible to impose sanctions upon contractors with habitually late payrolls before 60 days have passed from the week(s) of work ending due to its designed payment delivery method. Without ensuring its prime contractors have submitted certified payrolls for their employees and for all approved subcontractors performing work under the contract, the Department cannot ensure the contractor has paid prevailing wages to all laborers and mechanics, and that laborers have been paid on a weekly basis, as required by federal law. Additionally, the Department electing to pay its contractors up to 30 days after construction work has been performed is not effective to prevent contractor noncompliance with submitting certified payrolls on a weekly basis, as required.
The Construction Manual, Section 1-07.9(5) Required Documents, states that certified payroll must be submitted to the Project Engineer through PWIA for each contractor, subcontractor, and each lower tier subcontractor performing work on the project, and that the PWIA system will be used to track requests made for missing certified payrolls. Therefore, we noted in our audit finding the instances when the Department’s Project Engineers failed to request overdue certified payrolls from contractors in PWIA, as that is the official system of record required to be used by the Department.
We reaffirm our audit finding and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 29 CFR Part 5, Labor Standards Provisions Applicable to Contract Covering Federally Financed and Assisted Constructed (Also Labor Standards Provisions Applicable to Nonconstruction Contracts Subject to the Contract Work Hours and Safety Standard Act), section 5, Contract provisions and related matters, establishes the requirements for including prevailing wage clauses in federal-aid contracts, payment withholding, and required documents.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Federal Highway Administration Davis-Bacon and Related Acts Questions and Answers, section 56, states that contracting agencies are responsible for properly applying and enforcing prevailing wage requirements in covered contracts including:
a) Verifying that covered contracts have incorporated the required Davis-Bacon clauses and the applicable wage determination(s);
b) Verifying that the Davis-Bacon notice and the applicable wage determination(s) are displayed at the site of the work in a conspicuous location in clear view of everyone;
c) Reviewing certified payrolls in a timely manner;
d) Conducting employee interviews;
e) Conducting reviews and investigations of covered contracts in conjunction with FHWA as appropriate;
f) Forwarding refusal to pay and/or debarment consideration cases to the USDOL Wage and Hour Division for appropriate action; and
g) Submitting enforcement reports and semi-annual enforcement reports to the USDOL Wage and Hour Division.
The Washington State Department of Transportation’s Construction Manual M41-01.41, December 2022 edition, section 1-07.9, Wages, states in part:
Federal Prevailing Wage
Enforcement of Federal Prevailing Wage Provisions
In addition to the requirements of Standard Specifications Section 1-07.9, all Contracts financed with Federal funding includes the Required Contract Provisions for Federal-Aid Construction Contracts (FHWA-1273). These provisions identify Federal wage requirements. The Federal prevailing wage requirements included in these provisions are also commonly referred to as Davis Bacon and Related Acts (DBRA). It is the Project Engineer’s responsibility to monitor and enforce these provisions to the degree necessary to ensure full compliance. In order to comply with these requirements, the Contractor must:
Submit weekly certified payrolls to the Project Engineer through LNI’s Prevailing Wage Intents and Affidavits (PWIA) system.
Ensure each Subcontractor, and each agent or lower-tier subcontractor submits weekly certified payrolls to the Project Engineer through PWIA.
SS1-07.9(5) Required Documents
Statement of Intent
Every Contractor, Subcontractor, agent, or lower tier subcontractor performing work on a public works contract must submit a Statement of Intent to Pay Prevailing Wages to LNI for approval. Separate Intents are required for each Request to Sublet submitted on the project. Hiring Contractors are required to file an Intent if they hire a lower tier subcontractor subject to prevailing wages.
Certified payroll must be submitted to the Project Engineer through PWIA for each Contractor, Subcontractor, and each lower tier subcontractor performing work on the project, regardless of funding source or delivery method. Certified payrolls are required from the time each Firm begins performing Contract work until the time the Affidavit is visible in PWIA, or until the Contractor has identified their last certified payroll has been submitted.
A tracking sheet is required to document when Project Office staff verify that certified payrolls are received through PWIA. The frequency of verification depends on the funding source of the project. Weekly verification is required for federally funded projects, while monthly verification is required for state funded contracts. The tracking sheet needs to indicate that all active Contracts have been checked for late or missing certified payrolls. PWIA will be used to track requests made for missing certified payrolls. A separate tracking sheet may be used to track which certified payrolls have been verified for each project.
Federally funded projects require weekly submittals. Further review of the payroll will be required to ensure the Federal prevailed wage rate is met using the Wage Determination included in the Contract Special Provisions.
Federally funded Contracts:
• Weekly submittals
• No leniency on late submittals
• Required for every week, whether work was performed or not
• Enforcement of all Federal requirements will remain WSDOT responsibility
Federally funded projects require weekly submittal of certified payrolls. If the Contractor is unable to submit their payroll electronically using PWIA, they must submit the certified payrolls directly to the Project Office.
Non-compliance or non-submittal could result in the Project Engineer withholding an appropriate portion of payment (see Section SS 1-09.9).
The Washington State Department of Transportation’s Construction Manual M41-01.41, December 2022 edition, section 1-09, Measurement and Payment, subsection 9, Payments, states in part:
Withholding of Payments
Withholding payments for the work the Contractor has performed and completed in accordance with the contract should not be done casually. There must be clear contract language supporting the action. The authority to withhold progress payments is subdelegated to the Regions. Further delegation to the Project Engineers is at the discretion of each Region.
Delinquent Contractor Submittals
Missing submittals is a principal source of delays in closing out the project and processing the final estimate. As the project proceeds toward completion, the Project Engineer and the Contractor should attempt to obtain all submittals as the need arises. These might include such things as materials certificates, certified payrolls, extension of time requests, or any other item or document that delay processing the final estimate.
2023-014 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with quality assurance program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed testing for projects funded by the Highway Planning and Construction Cluster.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction Program
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Quality Assurance Program
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-011
Background
The Washington State Department of Transportation receives federal funding under the Highway Planning and Construction Program for highway construction projects throughout the state. Some of these projects are awarded to contractors who perform the work on behalf of the Department. The Department spent about $706 million in federal Highway Planning and Construction program funds during fiscal year 2023. Of that amount, it spent more than $343 million on state-administered construction projects.
Federal regulations require that the Department have a quality assurance (QA) program, approved by the Federal Highway Administration (FHWA), for construction projects on the National Highway System to ensure that materials and workmanship conform to approved plans and specifications. Verification sampling must be performed by qualified testing personnel employed by the Department or its designated agent, excluding the contractor.
The Department’s QA program requirements are outlined in the Construction Manual, which is approved by the FHWA. This manual documents how materials are tested for acceptance before being incorporated into construction projects. Materials can be accepted in various ways, such as sample testing, a visual inspection documented by the Field Note Record or Inspector’s Daily Report, or a certification of compliance from the manufacturer. If a materials test is required, the Department must ensure that only qualified people perform the testing, including independent testers, consultants or certified Department employees.
To ensure that materials incorporated into a project meet approved plans and specifications, the Department prepares a list of prescribed materials to be used on the project. The Department uploads this list to a program called the Record of Materials (ROM). The ROM sets forth the materials and quantities that are expected to be used on the project, and it documents the proper acceptance criteria, including any test(s) personnel are required to perform on a material. Once created, Project Engineers responsible for managing the construction project update the ROM to indicate the type and quantity of materials incorporated into the project so management can ensure the materials test(s) that are required for acceptance have occurred.
To ensure that only qualified people perform the testing, testers must pass a certification exam, which consists of a written and performance exam. After passing both, the testers are entered into the Qualified Tester Database and are certified for five years, after which they must recertify by passing both exams again. There are two different types of tester qualifications: module and method. Module testers are proficient in multiple method tests that can encompass all method tests for a particular material, whereas method testers may only be proficient in particular tests for any given material.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with QA program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed materials testing for projects funded by the Highway Planning and Construction Cluster. The prior finding numbers were 2022-011, 2021-011, 2020-017 and 2019-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with QA program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed testing for projects funded by the Highway Planning and Construction Cluster.
We used a statistically valid sampling method to randomly select 58 out of 1,991 materials that were used on federally funded projects during state fiscal year 2023.
Materials acceptance testing did not conform to Standard Specifications and the Construction Manual
For the 58 randomly selected materials, we requested supporting documentation for acceptance and/or testing of the material. We found:
• Three materials (5 percent) where testing did not occur, or the Department was unable to provide documentation justifying the item did not require testing.
• Two additional materials (3 percent) where the Department did not provide adequate supporting documentation to demonstrate the materials we selected were properly tested, according to the Standard Specifications. One of these materials did not meet the minimum acceptance criteria outlined in the Standard Specifications, and the Department paid the contractor for the material used on the project.
Testing personnel were not properly certified
We reviewed documentation to verify whether the testers performing sampling activities for the Department had all required documents to support their certification. We found:
• Four instances (7 percent) where the tester was missing a required exam for certification
• Three instances (5 percent) where the Department was unable to provide documentation to support that the tester met certification requirements. All three instances correspond to materials for which the Department could produce no records demonstrating the items were tested for acceptance.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Materials acceptance testing did not conform to Standard Specifications and the Construction Manual
Management did not adequately monitor project offices to ensure required materials testing and acceptance occurred in accordance with the Construction Manual.
Testing personnel were not properly certified
Project Engineers did not ensure tester qualifications were current, and management did not ensure that only qualified testers performed materials testing and acceptance on behalf of the Department.
Effect of Condition
By not adequately monitoring project materials to ensure they conform to approved plans and specifications, the Department does not have reasonable assurance that materials incorporated into projects conform to standard specifications and the Construction Manual.
By not properly verifying and documenting the testers’ qualifications, the Department risks improper materials testing. This could result in the Department using materials that may not conform to approved plans and specifications.
Recommendations
We recommend the Department:
• Improve internal controls, and monitor project offices, to ensure that required sampling activities occur, as required, and permanently incorporated materials conform to standard specifications for all federal aid construction projects
• Strengthen internal controls to ensure testers have completed all required exams—and that they have proper documentation of passing these exams—before performing sampling activities
Continue to review all testers to ensure they meet the minimum requirements for certification
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office (SAO) audit of the Federal Highway Program and the federally required Quality Assurance (QA) program. The Department is committed to ensuring our programs continue to comply with federal regulations and recognizes that there are always opportunities for improvement to its QA program.
The Department is working towards replacement of its ROM legacy system; therefore, it was not practical to modify this system to help correct issues reported in a similar finding in the FY 2022 Single Audit. Instead, the Department eliminated its practice requiring updates to the ROM within 30 days of payment and instead relies on the required documentation, as evidence of proper material acceptance. These changes were made during FY2023, which did not allow time to be fully reflected in the current year’s audit. In addition, in January 2023 WSDOT modified its practice related to how tester data is reviewed and entered into the tester certification tracking system, as a result of audit recommendations from the FY 2022 audit. All offices now funnel tester data to the Headquarters Quality Assurance Program for review and entry. These changes to practices were communicated to appropriate staff and are reflected in the Construction Manual, which was reviewed and approved by FHWA.
Materials Acceptance
The construction contracts awarded in FY23 utilizing federal funding contained more than 4,700 materials, with approximately 1,100 of them requiring testing. The State Auditor tested 58 materials of the approximately 1,100 requiring testing; however, through our review the Department found only 4 materials (6.8%) where we could not provide documentation to support that testing occurred or was not required.
Testing Personnel Certifications
The State Auditor reviewed documentation for whether the testers performing materials sampling activities for the Department had all required documents to support their certification and took exception to documentation provided. The Department did not provide certification documents for 2 of the testers responsible for 4 of the materials tests included in the audit.
The Department has worked closely with the Federal Highway Administration (FHWA) on our QA program and continues to receive feedback from them on the strength of our program. The Department will continue to put improvements in place for the QA program based on the SAO audit recommendations. These issues were discussed at the 2024 Material Assurance Training offered 3/20/2024, and we will continue to deliver other training to Project Engineering Offices to emphasize QA program requirements throughout the year.
Auditor’s Remarks
We thank the Department for its cooperation and assistance during the audit.
We maintain that there are five materials out of 58 (8.6 percent) examined during the audit that did not have adequate supporting documentation to demonstrate the materials met the minimum acceptance criteria according to the Department’s Construction Manual. We used a statistical sampling methodology for this test and therefore expect the error rate of 8.6 percent to be representative of the entire population of 1,100 materials.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 23 U.S. Code of Federal Regulations (CFR) Part 637, Construction Inspection and Approval establishes the following applicable requirements:
Section 637.201 Purpose
To prescribe policies, procedures, and guidelines to assure the quality of materials and construction in all Federal-aid highway projects on the National Highway System.
Section 637.205 Policy
a) Quality assurance program. Each STD shall develop a quality assurance program which will assure that the materials and workmanship incorporated into each Federal-aid highway construction project on the NHS are in conformity with the requirements of the approved plans and specifications, including approved changes. The program must meet criteria in (Section 637.207) and be approved by the FHWA.
b) STD capabilities. The STD shall maintain an adequate, qualified staff to administer the quality assurance program. The State shall also maintain a central laboratory. The State’s central laboratory shall meet requirements in (Section 637.209(a)(2)).
c) Verification sampling and testing. The verification sampling and testing are to be performed by qualified testing personnel employed by the STD or its designated agent, excluding the contractor and vendor.
d) Random samples. All samples used for quality control and verification sampling and testing shall be random samples.
Section 637.207 Quality assurance program
a. Each STD’s quality assurance program shall provide for an acceptance program and an independent assurance (IA) program consisting of the following:
1. Acceptance program.
i. Each STD’s acceptance program shall consist of the following:
A. Frequency guide schedules for verification sampling and testing which will give general guidance to personnel responsible for the program and allow adaptation to specific project conditions and needs.
B. Identification of the specific location in the construction or production operation at which verification sampling and testing is to be accomplished.
C. Identification of the specific attributes to be inspected which reflect the quality of the finished product.
ii. Quality control sampling and testing results may be used as part of the acceptance decision provided that:
A. Frequency guide schedules for verification sampling and testing which will give general guidance to personnel responsible for the program and allow adaptation to specific project conditions and needs.
B. Identification of the specific location in the construction or production operation at which verification sampling and testing is to be accomplished.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Department of Transportation’s Construction Manual (M41-01), Chapter 9: Materials, states in part:
9-1 General
The quality of materials used on the project will be evaluated and accepted in various ways, whether by testing of samples, visual inspection, or certification of compliance. This chapter details the manner in which these materials can be accepted. Requirements for materials are described in Standard Specifications for Road, Bridge, and Municipal Construction M 41-10 Section 1-06 and Division 9.
It is the Project Engineer’s responsibility to accept materials in accordance with this chapter. For materials tests that do not meet specification requirements, the Project Engineer shall contact the State Construction Office which will coordinate with the State Materials Engineer or Assistant State Materials Engineer to determine the appropriate action.
9-1.2C Record of Materials
The Record of Materials (ROM) is used to track material type, make/model, approval, acceptance, field verification documentation, Certificate of Materials Origin, and other materials documentation.
The Project Office utilizes the ROM program to track all permanently incorporated materials that are placed in on the Contract. Temporary materials are also tracked in the ROM when the contract documents contain temporary material requirements. The Project Engineer is responsible for the accuracy of the ROM, other documentation methods used, and Certification of Materials. Acceptance requirements shown in the ROM can be modified by referencing the properly submitted QPL page or the approved Request for Approval of Materials. Reviewing the contract plans and provisions may identify additional materials documentation requirements as well as construction items that shall be added to the ROM and tracked for completion throughout the course of the project work.
In order to ensure clarity upon completion of the work and to allow for easy certification of the project by both the Project Engineer and the Region, the ROM needs to be maintained throughout the course of the project. “Maintained” and “maintain” means the ROM is updated to reflect materials placed within 30 calendar days of the material payment. This includes material type, make/model, approval, acceptance, field verification documentation, Certificate of Materials Origin and other materials documentation. For materials used in the Contract, the Project Office is required to maintain the Status Work Completed (WC)/Documentation Complete (DC) / Not Used (NU) fields in the ROM.
The Project Office is required to maintain quantities paid, quantities placed, quantities field verified for materials that have sampling frequencies, WSDOT Fabrications Inspection items, where the Acceptance Criteria requires quantities such as Manufacturer Certificate of Compliance, or when quantities are noted in the initial materials and acceptance criteria. 9-5.3 WAQTC Testing Technician Qualification Program
The Region Independent Assurance Inspectors are responsible for maintaining the Tester Qualification database information for their Region WAQTC Testers as well as maintaining the WAQTC internal certifications and records (physical and digital).
9-5.4 Method Qualified Tester Program
The Region Independent Assurance Inspectors are responsible for maintaining the Tester Qualification database information for their Region Method Testers as well as maintaining the Method internal certifications and records (physical and digital).
2023-015 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with cash management requirements for the Formula Grants for Rural Areas program.
Assistance Listing Number and Title: 20.509 Formula Grants for Rural Areas
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: WA-2019-091-01; WA-2020-038-01;
WA-2021-052-01; WA-2021-130-01;
WA-2021-133-01; WA-2022-031-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Cash Management
Known Questioned Cost Amount: $41,555
Prior Year Audit Finding: No
Background
The Washington State Department of Transportation administers the Section 5311 program— Formula Grants for Rural Areas—to rural transportation areas by providing financial assistance for operating, planning, administrative expenses, and the acquisition, construction, and improvement of facilities and equipment. In addition, Section 5311 specifically provides for the support of rural intercity bus services, as well as funding for training, technical assistance, research, and related services to support the rural transit service. The Department spent about $80.3 million in program funds during fiscal year 2023. Of that amount, it passed through about $35.2 million to subrecipients through subawards.
The Formula Grants for Rural Areas program is not subject to the Cash Management Improvement Act, and is not included in the Treasury-State Agreement for Washington. Programs not covered by a Treasury-State Agreement are subject to the provisions of Title 31 of the U.S. Code of Federal Regulations, Part 205, Subpart B, which specifies how funds transfers from the federal government must be processed. The Department requests monthly federal reimbursements for operating expenses and disbursements to subrecipients.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with cash management requirements for the Formula Grants for Rural Areas program.
We used a non-statistical sampling method to randomly select and examine 17 draws of program funds out of a total population of 128. We also selected six large draws that were individually significant. During our review, we found that one draw in the amount of $41,555 was made for an incorrect program. Management reviewed, verified, and approved this draw, but the Department did not detect that funds were drawn for the incorrect program during the audit period. We consider these questioned costs.
Additionally, we found that two of the six individually significant draws were not made timely. One draw for $6.3 million was made in June 2023 for expenditures the Department incurred and paid in fiscal year 2021. Similarly, another draw for $9 million was made in April 2023 for expenditures the Department incurred and paid for in fiscal year 2022. Based on the length of time it took to perform the associated draws, we determined that the Department did not comply with federal requirements to minimize the time between the drawdown of federal funds and their disbursement for federal program purposes. Therefore, the Department’s controls did not ensure timely draws in compliance with federal regulations.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management review was insufficient for ensuring that program funds were drawn only for allowable program expenditures. Additionally, management did not ensure that draws were performed timely in accordance with federal regulations and said this was due to difficulties in reconciling expenditure accruals to the payment system.
Effect of Condition and Questioned Costs
Drawing funds for the incorrect federal program can potentially result in uncollected funds in one program and overdrawing another. Further, delaying federal drawdown requests results in state funds being advanced longer than necessary and lost interest revenue for the state. The table below summarizes the questioned costs our audit identified.
Projection to population Likely Questioned Costs (Estimate)
Known Questioned Costs $41,555
Federal expenditures $298,218
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR §200.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve its internal controls to ensure reimbursement requests are for the correct federal award
• Ensure draws of federal program funds are performed in a timely manner
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office (SAO) audit of the Formula Grants for Rural Areas Program. The Department is committed to ensuring our programs comply with federal regulations related to Cash Management.
WSDOT has implemented additional controls to help ensure the draws of program funds are accurate, drawn on the correct program, and timely. The updated procedures include: Identifying back up staff to ensure coverage during regular staff absences; Change in the timing of draws of program funds; Use of automatic ECHO system confirmations for draws entered; Additional reviews of draw amounts by project, and a Validation process with the WSDOT program staff. In addition, the questioned costs have been refunded to the incorrectly charged federal program.
In an effort to ensure increased compliance, these procedures will be reviewed regularly and updated as required.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 205.33, How are funds transfers processed?, states in part:
a. A State must minimize the time between the drawdown of Federal funds from the Federal government and their disbursement for Federal program purposes. A Federal Program Agency must limit a funds transfer to a State to the minimum amounts needed by the State and must time the disbursement to be in accord with the actual, immediate cash requirements of the State in carrying out a Federal assistance program or project. The timing and amount of funds transfers must be as close as is administratively feasible to a State’s actual cash outlay for direct program costs and the proportionate share of any allowable indirect costs. States should exercise sound cash management in funds transfers to subgrantees in accordance with OMB Circular A–102 (For availability, see 5 CFR 1310.3.).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-016 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with subrecipient monitoring requirements for the Formula Grants for Rural Areas program.
Assistance Listing Number and Title: 20.509 Formula Grants for Rural Areas
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: WA-2019-091-01; WA-2020-038-01; WA-2021-052-01; WA-2021-130-01; WA-2021-133-01; WA-2022-031-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Washington State Department of Transportation administers the Section 5311 program— Formula Grants for Rural Areas—to rural transportation areas by providing financial assistance for operating, planning, administrative expenses, and the acquisition, construction, and improvement of facilities and equipment. In addition, Section 5311 specifically provides for the support of rural intercity bus services, as well as funding for training, technical assistance, research, and related services to support the rural transit service. The Department spent about $80.3 million in program funds during fiscal year 2023. Of that amount, it passed through about $35.2 million to subrecipients through subawards.
When passing federal funds through to subrecipients, federal regulations require the Department to monitor them based on a risk assessment to ensure:
• Federal funds are used for authorized purposes in compliance with federal statutes, regulations, and the terms and conditions of the subaward.
• Subaward performance goals are achieved.
• The subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award, when applicable.
The Department’s subrecipient monitoring activities include virtual and physical site visits for various types of reviews based on risk assessments performed on a biennial basis, including:
• Financial reviews
• Administrative policy reviews
• Drug and alcohol compliance reviews
• Capital (equipment) reviews
According to the Department’s Consolidated Grant Guidebook, which outlines general grant terms and conditions, the Department conducts biennial risk assessments to evaluate each subrecipient’s risk of noncompliance with grant requirements. The Department then determines the frequency of site visits for each subrecipient based on risk level, and schedules them accordingly.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with subrecipient monitoring requirements for the Formula Grants for Rural Areas program.
We used a nonstatistical sampling method to randomly select and examine 12 site visits out of a total population of 65 to verify if the Department appropriately monitored its subrecipients. We found the Department did not perform two site visits during the audit period (17 percent). We also reviewed the Department’s site visit tracker and found three additional site visits that were not performed at the time of our audit. Additionally, we found that 10 other site visits were not completed by the Department’s scheduled due date (20 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department’s use of a tracker to schedule and complete site visits timely was insufficient to ensure that it appropriately monitored subrecipients in accordance with federal regulations. In addition, the Department’s policies and procedures did not specify when site visits must be conducted for subrecipients based on their assessed risk score or risk level. Accordingly, management did not enforce the due date for each subrecipient’s site visits established in the tracker, and did not ensure that all required site visits were completed.
Effect of Condition
During the audit period, the Department did not complete five out of 65 (8 percent) scheduled site visits for subrecipients. By not performing monitoring visits timely, the Department is at a higher risk of not detecting or preventing noncompliance with federal regulations and the grant’s terms and conditions. Additionally, the Department is at increased risk of not ensuring that subaward performance goals are achieved, and is unable to ensure subrecipients correct any existing deficiencies in a timely manner.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure that it performs and documents monitoring visits based on its risk assessments of its subrecipients to ensure compliance with federal regulations and its own guidebook
• Update its written policies and procedures to address the minimum requirements for conducting site visits, including determining how a subrecipient’s assessed risk score and risk level affect the timing and number of site visits required
• Monitor the status of site visits for all its subrecipients to ensure that each one is evaluated in accordance with the requirements in its own guidebook
• Follow up on subrecipients with overdue site visits to ensure they are conducted timely
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Formula Grants for Rural Areas. WSDOT is committed to ensuring our programs comply with federal regulations. WSDOT concurs with the finding and plans to implement the recommendations. Specifically, our Public Transportation Division will:
• Update Public Transportation policy and procedure to more fully document its risk-based site visit approach. This update will clarify how an organization’s risk assessment score impacts the timing and number of administrative and financial site visits. This update will not impact capital and drug and alcohol site visits because Public Transportation Division staff conduct them every two years regardless of risk assessment scores.
• Evaluate new ways for management, supervisors and staff to more effectively monitor site visit completion by established due dates. Once this group develops a new approach, management will ensure that staff document it in its policies and procedures and communicate the new approach to impacted staff.
As of October 2023, the Public Transportation Division had conducted all five site visits listed in the condition of this finding.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washinton State Department of Transportation Consolidated Grant Guidebook (M130 (March 2022 version)), Chapter 1 – Requirements and guidelines for all projects, states in part:
Program compliance and project reporting
Risk assessments
Every two years and in accordance with 2 CFR 200.332(b)(1-4), WSDOT conducts risk assessments to evaluate each grantee’s risk of noncompliance with the grant requirements. We use the risk assessment results to determine how much technical assistance and oversight may be necessary to help organizations comply with grant requirements.
WSDOT will designate organizations that have a strong record of grant compliance and project delivery as low risk. The benefits of low-risk status may include less frequent site visits.
High-risk status may result in more frequent site visits and a higher level of monitoring between site visits. For example, grantees may be required to provide full back up documentation with their claims.
Frequency of site visits
The frequency of site visits depends on the type of project, the funding source, type of site visit, and your risk scores.
Below is general information on the frequency of site visits:
• Operating projects
WSDOT will perform administrative and financial site visits at least once every four years on active projects based on an organization’s risk score.
• Planning projects
WSDOT will perform administrative and financial site visits at least once every four years on active projects based on an organization’s risk score.
• Capital vehicle and equipment projects
WSDOT will perform administrative and capital site visits at least once every four years on active projects based on an organization’s risk score through the useful life of the vehicle and/or equipment.
• Drug and alcohol program reviews
WSDOT will perform a drug and alcohol site visit every biennium as needed based on an organization’s risk. This applies only to grantees awarded Sections 5339 and 5311 funding.
2023-017 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure payments to subrecipients of the Emergency Rental Assistance program were allowable and properly supported.
Assistance Listing Number and Title: 21.023 COVID-19 Emergency Rental Assistance Program
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: N/A
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs / Cost Principles
Period of Performance
Known Questioned Cost Amount: $4,123,486
Prior Year Audit Finding: Yes, Finding 2022-016
Background
Congress passed two acts authorizing federal funds for the Emergency Rental Assistance (ERA) program to respond to the COVID-19 pandemic. The Consolidated Appropriations Act, 2021, enacted on December 27, 2020, provided $25 billion for ERA. These funds are known as ERA1. The American Rescue Plan Act of 2021, enacted on March 11, 2021, provided $21.55 billion in additional funding for ERA. These funds are known as ERA2. The funds are provided directly to states, U.S. territories, local governments and, in the case of ERA1, Indian tribes, to assist eligible households through existing or newly created rental assistance programs.
The Department of Commerce administers the ERA program in Washington. The Department subawarded federal funds to subrecipients to provide financial assistance to households, landlords and utility providers. In fiscal year 2023, the Department spent about $62.5 million in ERA1 and ERA2 funds. During the audit period, the Department allocated program funds to 13 ERA1 subrecipients and 12 ERA2 subrecipients. Grant recipients may use ERA1 and ERA2 funds for administrative expenses, housing stability services, financial assistance, and other affordable rental housing and eviction prevention purposes.
Most of the expenditures the Department spent were for financial assistance to eligible households, which included payment of rent, rental arrears, utilities and home energy costs, utilities and home energy costs arrears, housing stability services and other expenses related to housing. Under the ERA1 program, award funds used for “other expenses” must be related to housing and “incurred due, directly or indirectly, to the COVID-19 outbreak.” The amount for prospective rent cannot exceed three months under a single household application. Financial assistance arrears may only cover household expenses accrued on or after March 13, 2020, up to a maximum of 15 months for ERA1 and a maximum of 18 months under ERA1 and ERA2 combined.
There is no maximum dollar amount for the cumulative financial assistance that may be provided on behalf of an eligible household beyond the requirement that the amounts paid be based on documentation of household income, leases and equivalent forms.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to subrecipients of the ERA program were allowable and properly supported. The prior finding number was 2022-016.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments for the ERA program were allowable and properly supported.
During the audit period, the Department had procedures in place, which required staff to review supporting documentation when approving payments.
We used a statistical sampling method to randomly select and examine 48 out of a total population of 136 subrecipient payments. Additionally, we judgmentally reviewed two significant payments that each exceeded $3 million. In total, we examined more than $39 million in provider payments as part of the audit.
Of the 48 randomly selected payments examined, we identified seven (15 percent) that did not have adequate documentation to ensure the payment was for allowable activities, met cost principles, and occurred within the award’s period of performance.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
In July 2022, the Department implemented procedures requiring staff to review supporting documentation to ensure reimbursement requests were for allowable activities before reimbursing subrecipients. However, Department staff did not follow these procedures and approved reimbursements to subrecipients that did not provide adequate supporting documentation. Management said that this was caused by staff turnover during the audit period.
Effect of Condition and Questioned Costs
We determined the Department did not receive adequate supporting documentation before reimbursing subrecipients to ensure that expenditures were for allowable activities, met cost principles, and occurred within the award’s period of performance. As a result, we identified $4,123,486 in known federal questioned costs and $11,511,399 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR 200.516(a)(3).
Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that program spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve internal controls to ensure payments to subrecipients are not approved without a review of adequate supporting documentation
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department acknowledges the payments reported lacked adequate documentation to ensure compliance with federal requirements.
In July 2022, the Department began requiring subrecipients to submit supporting backup documentation for all expenditures to the program for review and approval.
Due to the temporary nature of the Emergency Rental Assistance (ERA) program, all staff supporting the administration of the program held temporary positions and staff turnover impacted consistency with compliance of federal requirements. As a result, supporting documentation for seven of the randomly selected 48 payments were approved before they were fully reviewed and determined to be properly supported. The Department will obtain the supporting documentation for those transactions to ensure the invoices paid were properly supported and to retail with the corresponding invoices.
The Department has used the reported deficiency to improve our internal control processes and has since implemented a new control process requiring staff include a note to the invoicing system recording documentation received supported and reconciled to the submitted invoice before payment is approved.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-018 The Department of Commerce did not have adequate internal controls over and did not comply with reporting requirements for the Emergency Rental Assistance program.
Assistance Listing Number and Title: 21.023 COVID-19 Emergency Rental Assistance Program
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Requirements: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022- 017
Background
Congress passed two acts authorizing federal funds for the Emergency Rental Assistance (ERA) program to respond to the COVID-19 pandemic. The Consolidated Appropriations Act, 2021, enacted on December 27, 2020, provided $25 billion for ERA. These funds are known as ERA1. The American Rescue Plan Act of 2021, enacted on March 11, 2021, provided $21.6 billion in additional funding for ERA. These funds are known as ERA2. The funds are provided directly to states, U.S. territories, local governments and, in the case of ERA1, Indian tribes, to assist eligible households through existing or newly created rental assistance programs.
The Department of Commerce administers the ERA program in Washington. The Department subawarded federal funds to subrecipients to provide financial assistance to households, landlords and utility providers. In fiscal year 2023, the Department spent about $62.5 million in ERA1 and ERA2 funds. During the audit period, the Department allocated program funds to 12 ERA1 subrecipients and 11 ERA2 subrecipients. Grant recipients may use ERA1 and ERA2 funds for administrative expenses, housing stability services, financial assistance, and other affordable rental housing and eviction prevention purposes.
The Department is required to submit quarterly ERA Compliance Reports for ERA1 and ERA2, which contain information on the number of participating households that received financial assistance and the amount of ERA funds expended or obligated by the Department to or for participating households.
The federal grantor specified there were four key line items on the ERA Compliance Report that contained critical information.
1. Administrative Cost Ratio: Total obligations and/or expenditures for administrative costs does not exceed relevant threshold of total allocation (10 percent across the prime and all subrecipients for ERA1, not to exceed 15 percent for ERA2 across the prime and all subrecipients).
2. Housing Stability Services Ratio: Total obligations and/or expenditures for housing stability services is not greater than 10 percent of total amount allocated.
3. System for Prioritizing Assistance: The number of households with less than 50 percent area median income (AMI) receiving financial assistance is greater than the number of households with greater than 50 percent AMI receiving assistance.
4. Participant Households at Certain Income Levels Eligibility: The total households receiving assistance is not greater than the sum of the AMI-banded eligible households with a 5 percent to 10 percent margin of error to avoid false positives for medium to large recipients.
Each ERA subrecipient completes a templated spreadsheet that includes these four line items and submits it monthly to the Department. The Department then sends these spreadsheets to a
third-party vendor that aggregates the monthly data for each quarter and performs data validation and diagnostic checks, including deduplication and data cleanup. The Department uses a summary of the vendor’s aggregated data to complete the ERA Compliance Report.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the ERA program. The prior finding number was 2022-017.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for the ERA program.
During the audit period, the Department’s program staff said that all subrecipient monthly reports were reviewed and approved by the appropriate personnel before being sent to the third-party vendor for aggregation. However, program staff did not document their review or approval, so we are unable to determine if the proper reviews occurred. Additionally, the Department did not review the vendor’s aggregated data to ensure it was complete and accurate before submitting it to the grantor.
We used a non-statistical sampling method to randomly select and examine four out of a total population of seven reports. All four reports we examined had material errors, as summarized below:
Report One – ERA1 Q3 2022
• The Department underreported administrative expenses by $2,576,697 (59 percent) and housing stability services by $31,927 (100 percent).
Report Two – ERA1 final report
• The Department underreported the number of participating households by 9,880 (20 percent).
Report Three – ERA2 Q3 2022
• The Department underreported total financial assistance by $1,567,045 (9 percent) because it did not ensure all subrecipients submitted data timely for reporting.
Report Four – ERA2 Q1 2023
• The Department could not provide the completed report, so we were unable to identify the amounts reported or determine if they were accurate.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not require management to document their reviews of reports and supporting documentation before submitting them to the grantor. If reviews of the reports were performed, they were inadequate for detecting the identified errors. Further, the Department did not monitor or review the vendor’s aggregated data to ensure it was reliable.
The Department also did not maintain copies of these reports after submitting them. The Department tried to download a copy of the fourth report from the reporting website, but some required fields were blank. The Department contacted the grantor for assistance but did not receive a response.
Effect of Condition
By not reviewing and reconciling aggregated subrecipient data and supporting documentation, management was unable to demonstrate the amounts reported were complete and accurate. In addition, by not retaining completed reports, management was unable to demonstrate the Department reported key line items to the grantor.
Without establishing adequate internal controls, the Department cannot reasonably ensure that the required line items reported to the grantor are complete and accurate.
Recommendations
We recommend the Department:
• Ensure it retains copies of completed reports after submitting them to the grantor
• Ensure that management performs and documents an adequate review of the supporting documentation before submitting reports to the grantor
• Ensure it reviews the aggregated subrecipient data collected from the third-party vendor for completeness and accuracy
Department’s Response
The Department contracted with a vendor skilled in performing data analytics to aggregate the data required in the monthly and quarterly reports submitted to the Department of Treasury (Treasury). Each Treasury report included data on thousands of households served as well as millions of dollars expended in financial assistance. Department staff reviewed grantee’s data before it was submitted to the vendor and often communicated with grantees to recommend corrections to their data, however, that review process was not explicitly documented.
During a review of cumulative data for Emergency Rental Assistance (ERA) 1 and ERA2, an error was made, two numbers were transposed when reporting households served, resulting in underreporting in the ERA1 Final Report.
Treasury guided grantees to correct previous report issues on future reports instead of submitting a new report for that quarter, resulting in late or corrected data being updated on a future ERA2 report. The Department was unable to access Treasury reports even though Treasury reports were supposed to be available for download through their reporting portal. However, the download function was often unavailable. When the Department requested the ERA2 Q1 2023 report from Treasury, Treasury was unresponsive, and the Department was unable to obtain and provide the data requested by the State Auditor’s Office (SAO).
We thank the SAO for the opportunity to respond to the concerns reported as a result of the audit for ERA reporting. We strive to improve our internal controls and increase our compliance.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Monitoring and reporting program performance, section 329, states in part:
(b) Reporting program performance.
The Federal awarding agency must use OMB-approved common information collections, as applicable, when providing financial and performance reporting information. As appropriate and in accordance with above mentioned information collections, the Federal awarding agency must require the recipient to relate financial data and accomplishments to performance goals and objectives of the Federal award. Also, in accordance with above mentioned common information collections, and when required by the terms and conditions of the Federal award, recipients must provide cost information to demonstrate cost effective practices (e.g., through unit cost data). In some instances (e.g., discretionary research awards), this will be limited to the requirement to submit technical performance reports (to be evaluated in accordance with Federal awarding agency policy). Reporting requirements must be clearly articulated such that, where appropriate, performance during the execution of the Federal award has a standard against which non-Federal entity performance can be measured.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
15 U.S. Code 9058c, Emergency rental assistance, establishes funding and allocation requirements.
2023-019 The Department of Commerce did not have adequate internal controls over reporting requirements for the Emergency Rental Assistance program.
Assistance Listing Number and Title: 21.023 COVID-19 Emergency Rental Assistance Program
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Special Tests and Provisions: ERA Funds Reallocation
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-017
Background
Congress passed two acts authorizing federal funds for the Emergency Rental Assistance (ERA) program to respond to the COVID-19 pandemic. The Consolidated Appropriations Act, 2021, enacted on December 27, 2020, provided $25 billion for ERA. These funds are known as ERA1. The American Rescue Plan Act of 2021, enacted on March 11, 2021, provided $21.6 billion in additional funding for ERA. These funds are known as ERA2. The funds are provided directly to states, U.S. territories, local governments and, in the case of ERA1, Indian tribes, to assist eligible households through existing or newly created rental assistance programs.
The Department of Commerce administers the ERA program in Washington. The Department subawarded federal funds to subrecipients to provide financial assistance to households, landlords and utility providers. In fiscal year 2023, the Department spent about $62.5 million in ERA1 and ERA2 funds. During the audit period, the Department allocated program funds to 13 ERA1 subrecipients and 11 ERA2 subrecipients. Grant recipients may use ERA1 and ERA2 funds for administrative expenses, housing stability services, financial assistance, and other affordable rental housing and eviction prevention purposes.
The Department is required to submit quarterly financial reports (SF-425) for ERA1 and ERA2. These reports contain information on award receipts, expenditures by state and federal share, cash on hand, any unobligated balance, and indirect costs for the reporting period. The U.S. Department of the Treasury uses the cumulative obligated and expended amounts in these quarterly reports to make reallocation determinations to ensure ERA funds remain available to grantees in accordance with jurisdictional needs and demonstrated capacity to deliver assistance while the ERA appropriations remain available.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the ERA program. The prior finding number was 2022-017.
Description of Condition
The Department did not have adequate internal controls over reporting requirements for the ERA program.
The Department’s procedure requires the Grants and Loan Manager, or their delegate, to review and approve each SF-425 report in the Department’s Contract Management System (CMS) before it is submitted to Treasury. This review process ensures the reports are complete, accurate and reconcile with backup documentation from the agency’s accounting system.
We used a non-statistical sampling method to randomly select and examine four out of a total population of seven quarterly financial reports. We found one report (25 percent) that was not reviewed or approved in CMS until 45 days after it was submitted to Treasury.
We consider this internal control deficiency to be a material weakness.
This issue was reported as a finding in the prior audit.
Cause of Condition
Department officials said staff turnover and a lack of management oversight resulted in the report being submitted to Treasury without the required approval in CMS.
Effect of Condition
By not properly reviewing the SF-425 report, the Department risks inaccurate reporting and cannot reasonably ensure that the expenditure and obligation amounts reported to Treasury are complete and accurate. As a result, Treasury may not be able to make accurate reallocation determinations.
Recommendations
We recommend the Department:
• Ensure management review and approve the SF-425 reports before staff submit them to Treasury
• Properly train new staff and ensure management oversee the ERA reporting process
Department’s Response
The Department would like to thank the State Auditor’s Office for their diligence in auditing emergency rental assistance reporting for fiscal year 2023. The Department acknowledges an error was made and one SF-425 approval was not documented in the Contracts Management System prior to submission to the Department of Treasury as required. The Department has made significant improvement in documenting program reviews and approvals in the submission of required reports. The Department initiated a spreadsheet for fiscal analysts, supervisors and/or program managers to document their approval in CMS after review of the SF-425. This will ensure submission approval is made in CMS for all future reports.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
15 U.S. Code § 9058a – Emergency rental assistance
(d) Reallocation of unused funds
Beginning on September 30, 2021, the Secretary shall recapture excess funds, as determined by the Secretary, not obligated by a grantee for the purpose described under subsection (c) and the Secretary shall reallocate and repay such amounts to eligible grantees who, at the time of such reallocation, have obligated at least 65 percent of the amount originally allocated and paid to such grantee under subsection (b)(1), only for the allowable uses described under subsection (c). The amount of any such reallocation shall be determined based on demonstrated need within a grantee’s jurisdiction, as determined by the Secretary.
Department’s Federal Financial Reporting (FFR) Process
PART II – Preparing the FFR
6) In box 13a – 13e enter the information for the individual preparing the FFR. Grants & Loans Manager or delegate must review and sign the FFR prior to submittal.
2023-020 The Department of Commerce did not have adequate internal controls over and did not comply with subrecipient monitoring requirements for the Emergency Rental Assistance program.
Assistance Listing Number and Title: 21.023 COVID-19 Emergency Rental Assistance Program
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Congress passed two acts authorizing federal funds for the Emergency Rental Assistance (ERA) program to respond to the COVID-19 pandemic. The Consolidated Appropriations Act, 2021, enacted on December 27, 2020, provided $25 billion for ERA. These funds are known as ERA1. The American Rescue Plan Act of 2021, enacted on March 11, 2021, provided $21.6 billion in additional funding for ERA. These funds are known as ERA2. The funds are provided directly to states, U.S. territories, local governments and, in the case of ERA1, Indian tribes, to assist eligible households through existing or newly created rental assistance programs.
The Department of Commerce administers the ERA program in Washington. The Department subawarded federal funds to subrecipients to provide financial assistance to households, landlords and utility providers. In fiscal year 2023, the Department spent about $62.5 million in ERA1 and ERA2 funds. The Department allocated program funds to 12 subrecipients for ERA1 and 11 subrecipients for ERA2.
Federal regulations require the Department to monitor the activities of its subrecipient as necessary to ensure that they use their subawards for authorized purposes, comply with the terms and conditions of their subawards, and achieve performance goals. The Department performed one round of monitoring for each of the ERA1 and ERA2 subrecipients to ensure compliance.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with subrecipient monitoring requirements for the ERA program.
During the audit period, the Department had written procedures requiring reviewers to examine client files. However, they were only required to examine five client files for ERA1 and 10 client files for ERA2.
We used a non-statistical sampling method to randomly select and examine five out of a total population of 12 subrecipients. For these five subrecipients, we verified that staff reviewed the number of client files that management required for each program. However, there were a total of 30,153 households served for ERA1 and 30,963 households served for ERA2. Thus, the Department reviewed less than one-half of 1 percent of client files for each ERA1 and ERA2 subrecipient. We determined the individual client reviews were sufficient. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files reviewed for each subrecipient:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department officials said that limited staffing capacity determined how many client files were reviewed.
Effect of Condition
Subrecipient monitoring procedures are critical for ensuring program compliance and identifying potential misappropriations of public funds. Without establishing adequate internal controls, the Department cannot reasonably ensure that its subrecipients are using federal funds for allowable purposes. Additionally, without adequately monitoring each subrecipient’s uses of federal funds, the Department does not have reasonable assurance that the subrecipient has complied with the terms and conditions of the subaward.
Recommendation
We recommend the Department modify its written procedures to require an adequate number of subrecipient client files to be reviewed during program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements.
Department’s Response
The Emergency Rental Assistance (ERA) program monitoring commenced in fiscal year 2022 and continued in fiscal year 2023. The program established a process to monitor five to ten client files, which included randomly selected fiscal back up documentation from an invoice for each subrecipient. This process is included in the ERA monitoring procedure. On average it has taken three months to collect the required monitoring documentation from grantees due to the complicated nature of the program and administrative burden subrecipients faced in administering the award. The program has an average of three project staff to perform all monitoring duties which has resulted in program monitoring taking longer than anticipated. The program opted to focus on being able to do a smaller monitoring for every subrecipient instead of completing a larger monitoring for only a few subrecipients. This process allowed the Department to successfully complete a program monitoring for all ERA subrecipients. We understand that the sample size we are able to monitor is not sufficient given the size of the ERA program. SAO has not provided explicit guidance as to what an appropriate ratio of client files would be compared to the amount of households served and financial assistance expended. The program and the Department strive to improve subrecipient monitoring to address the appropriate level of risk for each recipient of federal funds.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2023-021 The Department of Commerce did not have adequate internal controls over federal requirements to ensure subawards for the Emergency Rental Assistance program contained the correct federal award identification elements.
Assistance Listing Number and Title: 21.023 COVID-19 Emergency Rental Assistance Program
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Congress passed two acts authorizing federal funds for the Emergency Rental Assistance (ERA) program to respond to the COVID-19 pandemic. The Consolidated Appropriations Act, 2021, enacted on December 27, 2020, provided $25 billion for ERA. These funds are known as ERA1. The American Rescue Plan Act of 2021, enacted on March 11, 2021, provided $21.6 billion in additional funding for ERA. These funds are known as ERA2. The funds are provided directly to states, U.S. territories, local governments and, in the case of ERA1, Indian tribes, to assist eligible households through existing or newly created rental assistance programs.
The Department of Commerce administers the ERA program in Washington. During the audit period, The Department subawarded federal funds to subrecipients to provide financial assistance to households, landlords and utility providers. In fiscal year 2023, the Department spent about $62.5 million in ERA1 and ERA2 funds. The Department allocated program funds to 12 subrecipients for ERA1 and 11 subrecipients for ERA2.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes the 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over federal requirements to ensure ERA subawards contained the correct federal award identification elements.
During the audit period, the Department executed one ERA subaward for more than $4 million. We examined the subaward and found it contained the 14 required elements. However, we found it was not clearly identified as a federal subaward, and the subrecipient was referred to as a contractor throughout the award.
We consider this internal control deficiency to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had an adequate internal control in place to ensure that the subaward included all the correct information. Furthermore, the subrecipient was referred to as a contractor throughout the award because the Department used a contract template; it did not have a subaward template available at that time.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to the subrecipient. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure the subrecipient has been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions.
Recommendations
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately, there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used.
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements. We communicated the Requirements for Pass Through Entities to the recipient which is only communicated to subrecipients per the CFR.
Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. Short of an error being made, the Department feels this exception has been resolved. We appreciate the opportunity to respond to this error.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
2023-022 The Housing Finance Commission did not have adequate internal controls over eligibility requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories, and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2023, the Commission spent about $34.7 million in HAF funds. The Commission is required to ensure all homeowners who receive HAF funds are eligible for the program. The HAF Plan Term Sheet, approved by the federal grantor, outlines the general eligibility requirements for the program. The Commission entered into an agreement with a contractor to perform eligibility determinations for the program. As part of the agreement, the contractor reviews eligibility determinations for 10 percent of applications that were approved, denied and withdrawn each quarter. The contractor provides these results to the Commission. To ensure the contractor made the correct determinations, Commission staff reviews 10 percent of the eligibility determinations that the contractor reviewed.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Commission did not have adequate internal controls over eligibility requirements for the HAF program.
During the audit period, the Commission only reviewed 1 percent of all approved, denied and withdrawn applications. The determinations that staff reviewed were only taken from those that the contractor selected, so the Commission had no assurance that the 90 percent of the determinations the contractor did not select were made properly. Because the Commission did not perform any additional independent reviews, we determined the Commission did not perform an adequate level of review to ensure proper eligibility determinations were made for the program as a whole.
We consider this internal control deficiency to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management believed the level of review performed by Commission staff was adequate to ensure proper eligibility determination for all HAF applicants.
Effect of Condition
Without establishing adequate internal controls, the Commission is at a higher risk of paying ineligible homeowners. In addition, by only reviewing cases that the contractor selected, there is a risk that the eligibility determinations that Commission staff reviewed were not representative of the program as a whole.
Recommendations
We recommend the Commission:
• Improve internal controls to ensure it only provides HAF funds to eligible homeowners
• Ensure that Commission staff perform and document an adequate review of approved, denied and withdrawn HAF applications that are independent of those reviewed by the contractor
Commission’s Response
The Commission concurs with this finding.
The Commission will strengthen its controls and increase its level of reviews, including a selection of applications independent of those verified by the contractor to ensure a more representative population.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of the Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part:
Eligibility. Under this program, HAF participants are responsible for ensuring funds are used for eligible purposes. Generally, HAF participants must develop and implement policies and procedures, and record retention, to determine and monitor implementation of criteria for determining the eligibility of beneficiaries and / or Subrecipients. HAF participants, and if applicable, the Subrecipient(s) administering a program on behalf of the HAF participant, will need to maintain procedures for obtaining information evidencing a given beneficiary, Subrecipient, or contractor’s eligibility, including a valid SAM.gov registration. Implementing risk-based due diligence for eligibility determinations is a best practice to augment your organization’s existing controls.
2023-023 The Housing Finance Commission did not have adequate internal controls over earmarking requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories, and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2023, the Commission spent about $34.7 million in HAF funds. The Commission must meet earmarking requirements for the following four categories:
1. Counseling or educational efforts by housing counseling agencies approved by the U.S. Department of Housing and Urban Development (HUD), tribal government (including such efforts by in-house housing counselors who are HUD certified or tribally approved), or legal services, targeted to households eligible to be served with funding from the HAF related to foreclosure prevention or displacement, in an aggregate amount up to 5 percent of the funding from the HAF received by the HAF participant.
2. Planning, community engagement, needs assessment, and administrative expenses related to the HAF participant’s disbursement of HAF funds for qualified expenses, in an aggregate amount not to exceed 15 percent of the funding from the HAF received by the HAF participant.
3. Participants are providing not less than 60 percent of funds to homeowners with income less than 100 percent of area median income (AMI) or 100 percent of U.S. median income.
4. Participants target homeowners who are classified as socially disadvantaged individuals (SDIs) and 100 percent AMI or less.
The Commission is required to meet the requirements of the first, second and third earmarks when the HAF funds are fully expended. When administering the program, the Commission is required to have processes in place to track these requirements to ensure it is compliant at the end of the award.
The HAF Plan, approved by the federal grantor, outlines the program design and the budget allocation for the earmarking categories. These amounts are based on the award being fully expended. For the first two earmarking requirements, the Commission used these budgets to contract for necessary services. Commission staff then maintained a tracking spreadsheet to ensure payments did not exceed the contracted amount.
For the third earmark requirement, the Commission allocated 77 percent of the HAF award to homeowners, and it required all homeowners to have an income less than 100 percent AMI. For the fourth earmark requirement, the Commission contracted with a contractor to perform outreach targeting SDIs and those that are less than 100 percent AMI.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Commission did not have adequate internal controls over earmarking requirements for the HAF program.
During the audit period, the Commission tracked contractor payments applicable to the first and second earmarking requirements. However, expenditures were tracked in relation to the amounts budgeted in the HAF Plan. The Commission did not review these expenditures in relation to overall program expenditures to ensure they were on track to be compliant with the established earmarks.
For the third earmarking requirement, the Commission relied on eligibility determinations made by a contractor to ensure all homeowners in the HAF program have income less than 100 percent AMI. We determined the Commission did not have an adequate process to ensure all applicants met eligibility requirements. This condition is reported as a material weakness in internal controls in audit finding 2023-022.
Our audit did not identify issues with the fourth earmarking requirement.
We consider this internal control deficiency to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
While Commission staff tracked payments made to contractors allocated in the HAF Plan, management did not implement procedures to track these amounts to the total program expenditures to be able to ensure compliance.
In addition, management believed the level of eligibility determination review performed by Commission staff was adequate to ensure proper eligibility determination for all HAF applicants.
Effect of Condition
Without adequate internal controls, the Commission is at risk of not meeting the earmarking requirements when the award closes if budget allocations change or the award is not fully expended.
Recommendations
We recommend the Commission:
• Establish effective internal controls to ensure that it tracks and meets the earmarking requirements
• Improve internal controls to ensure eligibility determinations are made properly
Commission’s Response
The Commission concurs with this finding.
The Commission will develop a system to track and meet earmarking requirements relative to expenditure levels. Additionally, the Commission will strengthen its controls and increase its level of reviews, including a selection of applications independent of those verified by the contractor to ensure a more representative population.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of the Treasury’s Homeowner Assistance Fund Guidance, states, in part:
Qualified Expenses:
Counseling or educational efforts by housing counseling agencies approved by HUD or a tribal government (including such efforts by in-house housing counselors who are HUD certified or Tribally approved), or legal services, targeted to households eligible to be served with funding from the HAF related to foreclosure prevention or displacement, in an aggregate amount up to 5% of the funding from the HAF received by the HAF participant.
Planning, community engagement, needs assessment, and administrative expenses related to the HAF participant’s disbursement of HAF funds for qualified expenses, in an aggregate amount not to exceed 15% of the funding from the HAF received by the HAF participant.
2023-024 The Housing Finance Commission did not have adequate internal controls over and did not comply with reporting requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories, and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2023, the Commission spent about $34.7 million in HAF funds. The Commission is required to submit quarterly HAF financial reports that have information on the cumulative obligations and expenditures to date. These reports are due 45 days after the end of each quarter. The federal grantor specified there were two key lines items on the report that contained critical information:
1. Administrative Expenses – Quantifiable Objective Criteria: Obligations and expenditures do not exceed 15 percent for admin expenses.
2. Services, Counseling & Education – Quantifiable Objective Criteria: Obligations and expenditures do not exceed 5 percent for legal services, counseling and education.
The HAF Plan, approved by the federal grantor, outlines the budget allocation of administrative, services, counseling and education expenditures. The Commission uses these budgets to contract required services. Commission staff maintain a tracking spreadsheet for HAF obligations and payments made to contractors. Staff use data from this spreadsheet to fill out the quarterly reporting template. Once completed, the Commission submits the report in the HAF reporting portal.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Commission did not have adequate internal controls over and did not comply with reporting requirements for the HAF program.
The spreadsheets used to track obligation and expenditure data to prepare reports were not accurate and complete. We determined staff were reporting expenditures that had not been paid in the expenditure category instead of as obligations. We also determined staff made errors when recording the obligation amounts. These errors included not properly realizing all of the expenditures in the accounting system, not realizing all administrative obligations and including obligations that were not supported.
We used a non-statistical sampling method to randomly select and examine four out of a total population of seven quarterly reports. All four reports (100 percent) that we examined had errors, as summarized in the table below.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
These reports are mainly comprised of financial information that is recorded in the Commission’s accounting system. Commission officials said there was a lack of coordination between program and finance staff in compiling these reports to ensure the correct data was used. Furthermore, the Commission did not require management to review the reports and their supporting documentation before submitting them to the grantor.
Effect of Condition
Without establishing adequate internal controls, which should include reviewing the reports and the supporting documentation to ensure the correct source data is reported, management cannot ensure that the reports are complete and accurate.
Recommendations
We recommend the Commission:
• Establish effective internal controls to ensure the reports are accurate and complete
• Ensure that management performs and documents an adequate review of the supporting documentation before submitting reports to the grantor
• Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported
Commission’s Response
The Commission concurs with this finding.
The Commission will implement a system of controls and management review to ensure that data reported to the federal grantor is complete and accurate. In addition, the Commission will confirm with the grantor to determine if revision is necessary.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 328, Financial reporting, states:
Unless otherwise approved by OMB, the Federal awarding agency must solicit only the OMB-approved governmentwide data elements for collection of financial information (at time of publication the Federal Financial Report or such future, OMB-approved, governmentwide data elements available from the OMB-designated standards lead. This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting. The Federal awarding agency must use OMB-approved common information collections, as applicable, when providing financial and performance reporting information.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part:
Programmatic Information Requirements
The following programmatic information will be required in Quarterly Reports.
f. Program(s) Information- HAF participants will provide information on all HAF programs. Programs are new or existing eligible government services or investments funded in whole or in part by HAF funding. For each program, the HAF participant will be required to enter the following information:
• Total Obligations Cumulative to Calendar Quarter end date;
• Total Expenditures Cumulative to Calendar Quarter end date;
g. Expenditures- HAF participants are required to report the HAF assistance expended or spent by the HAF participant. HAF participants will be asked to report expenditures on a cumulative basis at the following levels: the participant-level, program-level, and program design element-level. At the participant-level, HAF participants will be asked to disaggregate expenditures or amounts expended by the categories noted under the Disaggregated Information requirement below.
• The information provided in this section will relate to the HAF Grantee Plan Budget Expenditures broken out by Program Design Element.
h. Obligations- HAF participants are required to report the HAF assistance obligated. HAF participants will be asked to report obligations on a cumulative basis at the participant-level, program-level, and program design element-level. HAF participants will be asked to disaggregate participant-level obligations by the categories noted under the Disaggregated Information requirement below.20
The information provided in this section will relate to the HAF Grantee Plan Budget Obligations broken out by Program Design Element.
2023-025 The Housing Finance Commission did not have adequate internal controls over and did not comply with reporting requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories, and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2023, the Commission spent about $34.7 million in HAF funds. The Commission implemented a pilot program before launching the main HAF program. The Commission contracted with a contractor to help implement the main HAF program and maintain participant data. The Commission is required to submit an annual performance report that provides an overview of its intended and actual uses of funding to-date for the pilot and main HAF programs. The federal grantor identified two key lines items on the report that contained critical information:
1. Socially Disadvantaged Individuals (SDIs) – Quantifiable Objective Criteria: Participants are providing not less than 60 percent of funds to homeowners with income less than 100 percent area median income (AMI) or 100 percent of U.S. median income.
2. AMI – Quantifiable Objective Criteria: Participants target homeowners that are classified as SDI and 100 percent AMI or less.
The HAF Plan, approved by the federal grantor, outlines the budget allocations, goals, and types of assistance for the Washington HAF program. The HAF reporting portal automatically populates each section of the annual report template with information from this plan. The Commission is required to submit a narrative on the status of each section. Commission staff use participant data provided by the contractor to complete the report template. Once completed, Commission management review the report, and then the preparer submits it in the HAF reporting portal.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Commission did not have adequate internal controls over and did not comply with reporting requirements for the HAF program.
The contractor only provided summary-level data to the Commission at the time of reporting. As a result, Commission staff did not have detailed supporting documentation to review to verify that the total amounts in the contractor’s reports were complete and accurate. Additionally, the Commission did not have documented evidence to support that management reviewed the annual report prior to submission.
We reviewed the report submitted on November 9, 2022, that covered the start of the award through September 30, 2022. The report identified 58 SDIs, and we determined the total is actually 87 SDIs (33 percent underreported) for the pilot and main programs combined. We found the Commission did not report SDIs that were identified as “other” in the pilot program.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Commission did not require the contractor to submit detailed support for the total numbers provided for reporting to ensure all categories were included. In addition, the Commission did not ensure adequate management review of the report prior to submission.
Effect of Condition
Without establishing adequate internal controls, which should include reviewing the reports and the detailed supporting documentation to ensure the correct data is reported, management cannot ensure that the reports are complete and accurate.
Recommendations
We recommend the Commission:
• Establish effective internal controls to ensure the reports are accurate and complete
• Ensure that management performs and documents an adequate review of the supporting documentation before submitting reports to the grantor
• Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported
Commission’s Response
The Commission concurs with this finding.
The Commission will implement a system of controls and management review to ensure that data reported to the federal grantor is complete and accurate. In addition, the Commission will confirm with the grantor to determine if revision is necessary.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 328, Financial reporting, states:
Unless otherwise approved by OMB, the Federal awarding agency must solicit only the OMB-approved governmentwide data elements for collection of financial information (at time of publication the Federal Financial Report or such future, OMB-approved, governmentwide data elements available from the OMB-designated standards lead. This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting. The Federal awarding agency must use OMB-approved common information collections, as applicable, when providing financial and performance reporting information.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of the Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part:
Programmatic Information Requirements
HAF participants are required to submit an Annual Performance Report on an annual basis and demonstrate the impact of the HAF-financed programs. Reports should include data related to program outputs and outcomes against the stated objectives of the HAF participant’s HAF Grant Plan.
Performance Goals
HAF participants initially submitted performance goals on the use of HAF awarded funds in their approved Grantee Plan. Each one of the performance goals should have identified how the HAF participant will address homeowner needs and should have been disaggregated by key characteristics such as mortgage type, racial and ethnic demographics, and/or geographic areas, as appropriate. HAF participants will be required to provide a status update and quantitative measures, if applicable, on each of their initial performance goals set forth in their Grantee Plan. Please note, HAF participants will not have the ability to alter their original performance goals noted in their Grantee Plan nor add additional performance goals in the Annual Report.
Methods for Targeting and HAF Funding
HAF participants were asked in their original Grantee Plan to describe how the HAF participant will effectively target HAF award funds to (1) homeowners with incomes equal to or less than 100% of the area median income or equal to or less than 100% of the median income for the United States, whichever is greater; and (2) socially disadvantaged individuals. The description included the HAF participant’s targeting strategies. HAF participants will be required to provide an update on their targeting methods and if they have appropriately executed targeting methods according to their original Grantee Plan.
2023-022 The Housing Finance Commission did not have adequate internal controls over eligibility requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories, and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2023, the Commission spent about $34.7 million in HAF funds. The Commission is required to ensure all homeowners who receive HAF funds are eligible for the program. The HAF Plan Term Sheet, approved by the federal grantor, outlines the general eligibility requirements for the program. The Commission entered into an agreement with a contractor to perform eligibility determinations for the program. As part of the agreement, the contractor reviews eligibility determinations for 10 percent of applications that were approved, denied and withdrawn each quarter. The contractor provides these results to the Commission. To ensure the contractor made the correct determinations, Commission staff reviews 10 percent of the eligibility determinations that the contractor reviewed.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Commission did not have adequate internal controls over eligibility requirements for the HAF program.
During the audit period, the Commission only reviewed 1 percent of all approved, denied and withdrawn applications. The determinations that staff reviewed were only taken from those that the contractor selected, so the Commission had no assurance that the 90 percent of the determinations the contractor did not select were made properly. Because the Commission did not perform any additional independent reviews, we determined the Commission did not perform an adequate level of review to ensure proper eligibility determinations were made for the program as a whole.
We consider this internal control deficiency to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management believed the level of review performed by Commission staff was adequate to ensure proper eligibility determination for all HAF applicants.
Effect of Condition
Without establishing adequate internal controls, the Commission is at a higher risk of paying ineligible homeowners. In addition, by only reviewing cases that the contractor selected, there is a risk that the eligibility determinations that Commission staff reviewed were not representative of the program as a whole.
Recommendations
We recommend the Commission:
• Improve internal controls to ensure it only provides HAF funds to eligible homeowners
• Ensure that Commission staff perform and document an adequate review of approved, denied and withdrawn HAF applications that are independent of those reviewed by the contractor
Commission’s Response
The Commission concurs with this finding.
The Commission will strengthen its controls and increase its level of reviews, including a selection of applications independent of those verified by the contractor to ensure a more representative population.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of the Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part:
Eligibility. Under this program, HAF participants are responsible for ensuring funds are used for eligible purposes. Generally, HAF participants must develop and implement policies and procedures, and record retention, to determine and monitor implementation of criteria for determining the eligibility of beneficiaries and / or Subrecipients. HAF participants, and if applicable, the Subrecipient(s) administering a program on behalf of the HAF participant, will need to maintain procedures for obtaining information evidencing a given beneficiary, Subrecipient, or contractor’s eligibility, including a valid SAM.gov registration. Implementing risk-based due diligence for eligibility determinations is a best practice to augment your organization’s existing controls.
2023-023 The Housing Finance Commission did not have adequate internal controls over earmarking requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories, and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2023, the Commission spent about $34.7 million in HAF funds. The Commission must meet earmarking requirements for the following four categories:
1. Counseling or educational efforts by housing counseling agencies approved by the U.S. Department of Housing and Urban Development (HUD), tribal government (including such efforts by in-house housing counselors who are HUD certified or tribally approved), or legal services, targeted to households eligible to be served with funding from the HAF related to foreclosure prevention or displacement, in an aggregate amount up to 5 percent of the funding from the HAF received by the HAF participant.
2. Planning, community engagement, needs assessment, and administrative expenses related to the HAF participant’s disbursement of HAF funds for qualified expenses, in an aggregate amount not to exceed 15 percent of the funding from the HAF received by the HAF participant.
3. Participants are providing not less than 60 percent of funds to homeowners with income less than 100 percent of area median income (AMI) or 100 percent of U.S. median income.
4. Participants target homeowners who are classified as socially disadvantaged individuals (SDIs) and 100 percent AMI or less.
The Commission is required to meet the requirements of the first, second and third earmarks when the HAF funds are fully expended. When administering the program, the Commission is required to have processes in place to track these requirements to ensure it is compliant at the end of the award.
The HAF Plan, approved by the federal grantor, outlines the program design and the budget allocation for the earmarking categories. These amounts are based on the award being fully expended. For the first two earmarking requirements, the Commission used these budgets to contract for necessary services. Commission staff then maintained a tracking spreadsheet to ensure payments did not exceed the contracted amount.
For the third earmark requirement, the Commission allocated 77 percent of the HAF award to homeowners, and it required all homeowners to have an income less than 100 percent AMI. For the fourth earmark requirement, the Commission contracted with a contractor to perform outreach targeting SDIs and those that are less than 100 percent AMI.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Commission did not have adequate internal controls over earmarking requirements for the HAF program.
During the audit period, the Commission tracked contractor payments applicable to the first and second earmarking requirements. However, expenditures were tracked in relation to the amounts budgeted in the HAF Plan. The Commission did not review these expenditures in relation to overall program expenditures to ensure they were on track to be compliant with the established earmarks.
For the third earmarking requirement, the Commission relied on eligibility determinations made by a contractor to ensure all homeowners in the HAF program have income less than 100 percent AMI. We determined the Commission did not have an adequate process to ensure all applicants met eligibility requirements. This condition is reported as a material weakness in internal controls in audit finding 2023-022.
Our audit did not identify issues with the fourth earmarking requirement.
We consider this internal control deficiency to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
While Commission staff tracked payments made to contractors allocated in the HAF Plan, management did not implement procedures to track these amounts to the total program expenditures to be able to ensure compliance.
In addition, management believed the level of eligibility determination review performed by Commission staff was adequate to ensure proper eligibility determination for all HAF applicants.
Effect of Condition
Without adequate internal controls, the Commission is at risk of not meeting the earmarking requirements when the award closes if budget allocations change or the award is not fully expended.
Recommendations
We recommend the Commission:
• Establish effective internal controls to ensure that it tracks and meets the earmarking requirements
• Improve internal controls to ensure eligibility determinations are made properly
Commission’s Response
The Commission concurs with this finding.
The Commission will develop a system to track and meet earmarking requirements relative to expenditure levels. Additionally, the Commission will strengthen its controls and increase its level of reviews, including a selection of applications independent of those verified by the contractor to ensure a more representative population.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of the Treasury’s Homeowner Assistance Fund Guidance, states, in part:
Qualified Expenses:
Counseling or educational efforts by housing counseling agencies approved by HUD or a tribal government (including such efforts by in-house housing counselors who are HUD certified or Tribally approved), or legal services, targeted to households eligible to be served with funding from the HAF related to foreclosure prevention or displacement, in an aggregate amount up to 5% of the funding from the HAF received by the HAF participant.
Planning, community engagement, needs assessment, and administrative expenses related to the HAF participant’s disbursement of HAF funds for qualified expenses, in an aggregate amount not to exceed 15% of the funding from the HAF received by the HAF participant.
2023-024 The Housing Finance Commission did not have adequate internal controls over and did not comply with reporting requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories, and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2023, the Commission spent about $34.7 million in HAF funds. The Commission is required to submit quarterly HAF financial reports that have information on the cumulative obligations and expenditures to date. These reports are due 45 days after the end of each quarter. The federal grantor specified there were two key lines items on the report that contained critical information:
1. Administrative Expenses – Quantifiable Objective Criteria: Obligations and expenditures do not exceed 15 percent for admin expenses.
2. Services, Counseling & Education – Quantifiable Objective Criteria: Obligations and expenditures do not exceed 5 percent for legal services, counseling and education.
The HAF Plan, approved by the federal grantor, outlines the budget allocation of administrative, services, counseling and education expenditures. The Commission uses these budgets to contract required services. Commission staff maintain a tracking spreadsheet for HAF obligations and payments made to contractors. Staff use data from this spreadsheet to fill out the quarterly reporting template. Once completed, the Commission submits the report in the HAF reporting portal.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Commission did not have adequate internal controls over and did not comply with reporting requirements for the HAF program.
The spreadsheets used to track obligation and expenditure data to prepare reports were not accurate and complete. We determined staff were reporting expenditures that had not been paid in the expenditure category instead of as obligations. We also determined staff made errors when recording the obligation amounts. These errors included not properly realizing all of the expenditures in the accounting system, not realizing all administrative obligations and including obligations that were not supported.
We used a non-statistical sampling method to randomly select and examine four out of a total population of seven quarterly reports. All four reports (100 percent) that we examined had errors, as summarized in the table below.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
These reports are mainly comprised of financial information that is recorded in the Commission’s accounting system. Commission officials said there was a lack of coordination between program and finance staff in compiling these reports to ensure the correct data was used. Furthermore, the Commission did not require management to review the reports and their supporting documentation before submitting them to the grantor.
Effect of Condition
Without establishing adequate internal controls, which should include reviewing the reports and the supporting documentation to ensure the correct source data is reported, management cannot ensure that the reports are complete and accurate.
Recommendations
We recommend the Commission:
• Establish effective internal controls to ensure the reports are accurate and complete
• Ensure that management performs and documents an adequate review of the supporting documentation before submitting reports to the grantor
• Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported
Commission’s Response
The Commission concurs with this finding.
The Commission will implement a system of controls and management review to ensure that data reported to the federal grantor is complete and accurate. In addition, the Commission will confirm with the grantor to determine if revision is necessary.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 328, Financial reporting, states:
Unless otherwise approved by OMB, the Federal awarding agency must solicit only the OMB-approved governmentwide data elements for collection of financial information (at time of publication the Federal Financial Report or such future, OMB-approved, governmentwide data elements available from the OMB-designated standards lead. This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting. The Federal awarding agency must use OMB-approved common information collections, as applicable, when providing financial and performance reporting information.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part:
Programmatic Information Requirements
The following programmatic information will be required in Quarterly Reports.
f. Program(s) Information- HAF participants will provide information on all HAF programs. Programs are new or existing eligible government services or investments funded in whole or in part by HAF funding. For each program, the HAF participant will be required to enter the following information:
• Total Obligations Cumulative to Calendar Quarter end date;
• Total Expenditures Cumulative to Calendar Quarter end date;
g. Expenditures- HAF participants are required to report the HAF assistance expended or spent by the HAF participant. HAF participants will be asked to report expenditures on a cumulative basis at the following levels: the participant-level, program-level, and program design element-level. At the participant-level, HAF participants will be asked to disaggregate expenditures or amounts expended by the categories noted under the Disaggregated Information requirement below.
• The information provided in this section will relate to the HAF Grantee Plan Budget Expenditures broken out by Program Design Element.
h. Obligations- HAF participants are required to report the HAF assistance obligated. HAF participants will be asked to report obligations on a cumulative basis at the participant-level, program-level, and program design element-level. HAF participants will be asked to disaggregate participant-level obligations by the categories noted under the Disaggregated Information requirement below.20
The information provided in this section will relate to the HAF Grantee Plan Budget Obligations broken out by Program Design Element.
2023-025 The Housing Finance Commission did not have adequate internal controls over and did not comply with reporting requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories, and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2023, the Commission spent about $34.7 million in HAF funds. The Commission implemented a pilot program before launching the main HAF program. The Commission contracted with a contractor to help implement the main HAF program and maintain participant data. The Commission is required to submit an annual performance report that provides an overview of its intended and actual uses of funding to-date for the pilot and main HAF programs. The federal grantor identified two key lines items on the report that contained critical information:
1. Socially Disadvantaged Individuals (SDIs) – Quantifiable Objective Criteria: Participants are providing not less than 60 percent of funds to homeowners with income less than 100 percent area median income (AMI) or 100 percent of U.S. median income.
2. AMI – Quantifiable Objective Criteria: Participants target homeowners that are classified as SDI and 100 percent AMI or less.
The HAF Plan, approved by the federal grantor, outlines the budget allocations, goals, and types of assistance for the Washington HAF program. The HAF reporting portal automatically populates each section of the annual report template with information from this plan. The Commission is required to submit a narrative on the status of each section. Commission staff use participant data provided by the contractor to complete the report template. Once completed, Commission management review the report, and then the preparer submits it in the HAF reporting portal.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Commission did not have adequate internal controls over and did not comply with reporting requirements for the HAF program.
The contractor only provided summary-level data to the Commission at the time of reporting. As a result, Commission staff did not have detailed supporting documentation to review to verify that the total amounts in the contractor’s reports were complete and accurate. Additionally, the Commission did not have documented evidence to support that management reviewed the annual report prior to submission.
We reviewed the report submitted on November 9, 2022, that covered the start of the award through September 30, 2022. The report identified 58 SDIs, and we determined the total is actually 87 SDIs (33 percent underreported) for the pilot and main programs combined. We found the Commission did not report SDIs that were identified as “other” in the pilot program.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Commission did not require the contractor to submit detailed support for the total numbers provided for reporting to ensure all categories were included. In addition, the Commission did not ensure adequate management review of the report prior to submission.
Effect of Condition
Without establishing adequate internal controls, which should include reviewing the reports and the detailed supporting documentation to ensure the correct data is reported, management cannot ensure that the reports are complete and accurate.
Recommendations
We recommend the Commission:
• Establish effective internal controls to ensure the reports are accurate and complete
• Ensure that management performs and documents an adequate review of the supporting documentation before submitting reports to the grantor
• Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported
Commission’s Response
The Commission concurs with this finding.
The Commission will implement a system of controls and management review to ensure that data reported to the federal grantor is complete and accurate. In addition, the Commission will confirm with the grantor to determine if revision is necessary.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 328, Financial reporting, states:
Unless otherwise approved by OMB, the Federal awarding agency must solicit only the OMB-approved governmentwide data elements for collection of financial information (at time of publication the Federal Financial Report or such future, OMB-approved, governmentwide data elements available from the OMB-designated standards lead. This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting. The Federal awarding agency must use OMB-approved common information collections, as applicable, when providing financial and performance reporting information.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of the Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part:
Programmatic Information Requirements
HAF participants are required to submit an Annual Performance Report on an annual basis and demonstrate the impact of the HAF-financed programs. Reports should include data related to program outputs and outcomes against the stated objectives of the HAF participant’s HAF Grant Plan.
Performance Goals
HAF participants initially submitted performance goals on the use of HAF awarded funds in their approved Grantee Plan. Each one of the performance goals should have identified how the HAF participant will address homeowner needs and should have been disaggregated by key characteristics such as mortgage type, racial and ethnic demographics, and/or geographic areas, as appropriate. HAF participants will be required to provide a status update and quantitative measures, if applicable, on each of their initial performance goals set forth in their Grantee Plan. Please note, HAF participants will not have the ability to alter their original performance goals noted in their Grantee Plan nor add additional performance goals in the Annual Report.
Methods for Targeting and HAF Funding
HAF participants were asked in their original Grantee Plan to describe how the HAF participant will effectively target HAF award funds to (1) homeowners with incomes equal to or less than 100% of the area median income or equal to or less than 100% of the median income for the United States, whichever is greater; and (2) socially disadvantaged individuals. The description included the HAF participant’s targeting strategies. HAF participants will be required to provide an update on their targeting methods and if they have appropriately executed targeting methods according to their original Grantee Plan.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-033 The Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it filed all reports required by the Federal Funding Accountability and Transparency Act for the Title I, Part A program.
Assistance Listing Number and Title: 84.010 Title I Grants to Local Educational Agencies
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S010A200047; S010A210047; S010A220047
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Office of Superintendent of Public Instruction administers the Title I Grants to Local Educational Agencies (Title I, Part A) program in Washington. The program provides financial assistance to help improve the teaching and learning of children who are at risk of not meeting challenging academic standards and who reside in areas with high concentrations of children from low-income families.
In fiscal year 2023, the Office spent about $276 million in federal program funds, including about $271 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Office is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Office must report subawards by the end of the month following the month in which it made the subaward. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
All program subawards are issued through both iGrants and the Education Grants Management System. The Office uses these systems to gather all the appropriate data for reporting. There were 503 Title I, Part A subawards eligible for reporting in fiscal year 2023, totaling $276,437,586.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls to ensure it filed all reports required by the Act for the Title I, Part A program.
During the audit period, the Office was required to report 503 subawards, totaling about $276 million of program funds that it awarded to subrecipients. We used a statistical sampling method to randomly select and examine 56 of the 503 subawards and found that two (3.6 percent), totaling $207,833, were not reported within FSRS.
We consider these internal control deficiencies to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
When uploading files into FSRS, records can be rejected from the report due to congressional district errors that occur when ZIP codes in the database do not match what is included in an uploaded report. When records are removed from the upload, they must be manually added back into the report. While manually readding records that were removed, the Office inadvertently missed reporting some subawards.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Office:
• Establish effective internal controls to ensure all required reports are submitted
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
Office’s Response
In response to the audit finding, the Office will:
• Establish effective internal controls to ensure all required reports are submitted. Current cross-checking will always include the Title I, part A program.
• Ensure management monitors reporting of this information monthly to ensure future reports are submitted completely and accurately.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-033 The Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it filed all reports required by the Federal Funding Accountability and Transparency Act for the Title I, Part A program.
Assistance Listing Number and Title: 84.010 Title I Grants to Local Educational Agencies
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S010A200047; S010A210047; S010A220047
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Office of Superintendent of Public Instruction administers the Title I Grants to Local Educational Agencies (Title I, Part A) program in Washington. The program provides financial assistance to help improve the teaching and learning of children who are at risk of not meeting challenging academic standards and who reside in areas with high concentrations of children from low-income families.
In fiscal year 2023, the Office spent about $276 million in federal program funds, including about $271 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Office is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Office must report subawards by the end of the month following the month in which it made the subaward. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
All program subawards are issued through both iGrants and the Education Grants Management System. The Office uses these systems to gather all the appropriate data for reporting. There were 503 Title I, Part A subawards eligible for reporting in fiscal year 2023, totaling $276,437,586.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls to ensure it filed all reports required by the Act for the Title I, Part A program.
During the audit period, the Office was required to report 503 subawards, totaling about $276 million of program funds that it awarded to subrecipients. We used a statistical sampling method to randomly select and examine 56 of the 503 subawards and found that two (3.6 percent), totaling $207,833, were not reported within FSRS.
We consider these internal control deficiencies to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
When uploading files into FSRS, records can be rejected from the report due to congressional district errors that occur when ZIP codes in the database do not match what is included in an uploaded report. When records are removed from the upload, they must be manually added back into the report. While manually readding records that were removed, the Office inadvertently missed reporting some subawards.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Office:
• Establish effective internal controls to ensure all required reports are submitted
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
Office’s Response
In response to the audit finding, the Office will:
• Establish effective internal controls to ensure all required reports are submitted. Current cross-checking will always include the Title I, part A program.
• Ensure management monitors reporting of this information monthly to ensure future reports are submitted completely and accurately.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-037 The Office of Financial Management did not have adequate internal controls over and did not comply with federal level of effort requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS)
84.425W COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief –Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Level of Effort
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S Department of Education awarded ESF grants to the Office of Financial Management (Office), which then dispersed funds to the Office of Superintendent of Public Instruction for pass through to Local Education Agencies (LEAs). During fiscal year 2023, the state spent more than $1.03 billion in ESF federal funding.
The ESF program included a level of effort requirement to ensure states provided a minimum level of funding to LEAs based on prior years. Under the American Rescue Plan Act of 2021,
ESF recipients were required to meet a proportional amount of their state’s support for elementary and secondary education relative to their overall spending, averaged over fiscal years 2017, 2018 and 2019.
In fiscal year 2022, the state did not meet the proportional spending amount for K-12 education, but received a waiver for this requirement after the year had ended.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal level of effort requirements for the ESF program.
The Office did not perform the calculations required to monitor the level of effort requirements for the ESF program during fiscal year 2023. After the year was over, the Office determined that the fiscal year 2023 expenditures did not meet the level of effort requirement.
When compared to overall state spending, the average amount of state spending on elementary and secondary education for fiscal years 2017, 2018 and 2019 totaled 49.35 percent of the state’s budget. The state was required to spend at least this percentage toward education in fiscal year 2023. However, the state only expended 42.99 percent of total state spending on education, meaning the level of effort requirement was not met by about 6.36 percent, or $2,103,004,922.
In fiscal year 2022, the Office submitted a waiver request to the U.S. Department of Education for fiscal years 2022 and 2023. However, the U.S. Department of Education did not approve the waiver for fiscal year 2023.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
In response to the effects of the COVID-19 pandemic, the Legislature approved a 2021-23 state budget that spent proportionally more on social supports like food, rent and medical services than in prior years. Further, some state revenues declined between fiscal years 2020 and 2022 due to restrictions included in the Governor’s pandemic-related emergency proclamations that were intended to slow the spread of COVID-19. These changes, as well as directives to achieve state spending reductions, resulted in not meeting the ESF program’s level of effort requirement because the state budget allocated less funding to elementary and secondary education than the average of the previous three fiscal years.
Effect of Condition
By not establishing adequate internal controls, the Office cannot ensure the state is meeting the federal level of effort requirement for the ESF program. In addition, receiving a waiver from the U.S. Department of Education for this requirement is not guaranteed, and the waiver submitted for 2023 was not approved while the 2022 waiver was. By not complying with federal requirements, the Office risks having to repay federal funds or having future federal funds withheld.
Recommendation
We recommend the Office:
• Consult with the grantor to discuss the pending waiver request and the next steps it should take
• Consult with the appropriate state-level authority to ensure the state maintains the level of effort required to comply with federal law
Office’s Response
The Office of Financial Management (OFM) does not concur with the finding and maintains that there are adequate internal controls in place to ensure compliance with federal requirements.
The finding was based on preliminary information and data that the auditors obtained in November 2023, despite our request to wait until the end of December 2023 when updated data would be available for submission to the Office of Elementary and Secondary Education (OESE).
The updated data we subsequently submitted to OESE was prepared in accordance with OESE guidance on maintenance of effort (MOE) requirements to correctly include every budgeted funding source in the MOE calculations. The updated data demonstrated that the state was successful in meeting MOE requirements for K-12 in FY23, which was the basis for reporting the final FY23 overall State spending data in the spring of 2024 per federal requirements. Because OFM met the MOE requirement for FY23, there is no need for a waiver request.
SAO’s assertion that our Office did not monitor data throughout the period is inaccurate. The Office maintains monthly monitoring details on agency expenditures. The expenditure data has not changed since the close of the fiscal year, but rather was compiled differently for reporting to OESE using the correct methodology prescribed by the grantor.
OFM will also continue to work with the Legislature, which is the state-level authority for state appropriations to ensure the state maintains the maintenance of effort requirements.
Auditor’s Remarks
The Office could not provide us with data required to perform the maintenance of effort calculations when we initially requested it in early November 2023 and confirmed no data had been pulled to determine whether the requirement had been met. While the Office appears to monitor monthly agency expenditure details, this was not done to determine if the state had met the maintenance of effort requirement. We acknowledge that the final report on the maintenance of effort would not be available until spring 2024. However, we will not test this report and only reviewed activities performed during the audit period to determine whether the state met the maintenance of effort requirements.
Once we were provided the necessary data to perform the calculations, it showed that the state did not meet the maintenance of effort requirements as of June 30, 2023. After we completed our testing, the Office notified us that the methodology used to determine what expenditures were allowable to include in the maintenance of effort calculations was updated. We understand the Office updated the methodology that was used when reporting data to the Office of Elementary and Secondary Education (OESE), however this methodology was changed over 6 months after the audit period was over.
We reaffirm our finding and will follow-up on the Office’s corrective actions in the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Coronavirus Response and Relief Supplemental Appropriations Act, 2021 (CRRSA Act) Sec. 317, states in part:
(a) At the time of award funds to carry out sections 312 or 313 of this title, a State shall provide assurances that such State will maintain support for elementary and secondary education (which shall include State funding to institutions of higher educations and state need-based financial aid, and shall not include support for capital projects or for research and development or tuition fees paid by students) in fiscal year 2022 at least at the proportional levels of such State’s support for elementary and secondary educations and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
(b) The Secretary may waive the requirement in subsection (a) for the purpose of relieving the fiscal burdens on State that have been experienced a precipitous decline in financial resources.
The American Rescue Plan Act of 2021, Section 2004. Maintenance of Effort and Maintenance of Equity, states in part:
I. State Maintenance of Effort. –
e. In general.–As a condition of receiving funds under sections 2001, a State shall maintain support for elementary and secondary education, and for higher education (which shall include state funding to institutions of higher education and State need-based financial aid, and shall not include support for capital projects or for research and development or tuition and fees paid by students), in each of fiscal years 2022 and 2023 at least at the proportional levels of such state’s support for elementary and secondary education and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
Waiver.—For the purpose of relieving fiscal burdens incurred by States in preventing, preparing for, and responding to the coronavirus, the Secretary of Education may waive any maintenance of effort requirements associated with the Education Stabilization Fund.
2023-038 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal reporting requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
84.425W COVID-19 American Rescue Plan – Elementary and Secondary Schools Emergency Relief Fund Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425V210012; S425U210015; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, for pass through to Local Education Agencies (LEAs). In fiscal year 2023, the state spent more than $1 billion in ESF federal funding.
The ESF program requires the Office to submit an annual performance report for the ESSER fund, with data on expenditures, planned expenditures, subrecipients, and uses of funds, including for mandatory reservations. Compliance testing of the annual performance report is only required for the following four key line items identified in the 2023 Compliance Supplement (Part 4 – Agency Program Requirements):
- Line 3.b1: LEA expenditures by ESSER subgrant fund, expenditure category and object code
- Line 3.b10: Number of specific positions supported with ESSER Funds
- Line 3.c: Allocation of ESSER funds to schools and criteria used to allocate them
- Line 5.a: Full-time equivalent positions
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal reporting requirements for the ESF program.
We reviewed the Office’s annual ESSER report, and found it did not submit any data related to the four key line items.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office did not have systems in place to collect the necessary data from LEAs to report on the four key line items. As a result, the Office did not collect the data from LEAs necessary to fulfill this requirement.
Effect of Condition
Failing to submit the required information diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Office:
• Establish effective internal controls to ensure that it collects the data necessary to submit the annual ESSER report
• Consult with the federal grantor to determine if it is necessary to revise and resubmit the report
Office’s Response
OSPI acknowledges that certain data reporting elements in the ESSER report were not submitted. We reject the notion that this was due to lack of internal controls. Instead, the absence of data was a result of several factors, including but not limited to the timing of the publishing of the final federal reporting template, and the span of time for which we were reporting costs. The final reporting template for this information was published after several revisions after the time frame in which we would have needed to communicate with districts the specific level of detail at which costs would need to be captured for this purpose. Since the time frame for reporting costs did not align with the school district fiscal year, there was no reasonable way that OSPI could have used annual financial reporting for an approximation of expenditures. OSPI was not comfortable in making broad statewide assumptions across multiple cost categories to report at a district-by-district level with a high degree of accuracy. In lieu or reporting information that based on state level assumptions that likely would have conflicted with actual school district level expenditures, OSPI made the decision to leave certain sections of the cost report blank.
In order to not have blank fields on future federal ESSER reporting, OSPI is organizing a series of webinars and trainings for districts so that they are prepared to report this information directly to OSPI for future federal reporting periods. Through these webinars, OSPI’s fiscal team can answer questions and assist districts with this reporting to ensure it is timely, accurate, and tells the district story instead of a statewide assumption of the district story.
We have been in ongoing conversation with ED regarding our federal reporting on ESSER funds. At this time, there is no indication that they will request that the information be reporting by districts and then resubmitted to the Feds. We have communicated our challenges, concerns, and proposed resolution to them regarding this issue. We do not have any specific outstanding data requests due to the feds on this issue, and we do not plan on resubmitting.
Auditor’s Remarks
We appreciate the Office’s commitment to resolving these issues. We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-037 The Office of Financial Management did not have adequate internal controls over and did not comply with federal level of effort requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS)
84.425W COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief –Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Level of Effort
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S Department of Education awarded ESF grants to the Office of Financial Management (Office), which then dispersed funds to the Office of Superintendent of Public Instruction for pass through to Local Education Agencies (LEAs). During fiscal year 2023, the state spent more than $1.03 billion in ESF federal funding.
The ESF program included a level of effort requirement to ensure states provided a minimum level of funding to LEAs based on prior years. Under the American Rescue Plan Act of 2021,
ESF recipients were required to meet a proportional amount of their state’s support for elementary and secondary education relative to their overall spending, averaged over fiscal years 2017, 2018 and 2019.
In fiscal year 2022, the state did not meet the proportional spending amount for K-12 education, but received a waiver for this requirement after the year had ended.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal level of effort requirements for the ESF program.
The Office did not perform the calculations required to monitor the level of effort requirements for the ESF program during fiscal year 2023. After the year was over, the Office determined that the fiscal year 2023 expenditures did not meet the level of effort requirement.
When compared to overall state spending, the average amount of state spending on elementary and secondary education for fiscal years 2017, 2018 and 2019 totaled 49.35 percent of the state’s budget. The state was required to spend at least this percentage toward education in fiscal year 2023. However, the state only expended 42.99 percent of total state spending on education, meaning the level of effort requirement was not met by about 6.36 percent, or $2,103,004,922.
In fiscal year 2022, the Office submitted a waiver request to the U.S. Department of Education for fiscal years 2022 and 2023. However, the U.S. Department of Education did not approve the waiver for fiscal year 2023.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
In response to the effects of the COVID-19 pandemic, the Legislature approved a 2021-23 state budget that spent proportionally more on social supports like food, rent and medical services than in prior years. Further, some state revenues declined between fiscal years 2020 and 2022 due to restrictions included in the Governor’s pandemic-related emergency proclamations that were intended to slow the spread of COVID-19. These changes, as well as directives to achieve state spending reductions, resulted in not meeting the ESF program’s level of effort requirement because the state budget allocated less funding to elementary and secondary education than the average of the previous three fiscal years.
Effect of Condition
By not establishing adequate internal controls, the Office cannot ensure the state is meeting the federal level of effort requirement for the ESF program. In addition, receiving a waiver from the U.S. Department of Education for this requirement is not guaranteed, and the waiver submitted for 2023 was not approved while the 2022 waiver was. By not complying with federal requirements, the Office risks having to repay federal funds or having future federal funds withheld.
Recommendation
We recommend the Office:
• Consult with the grantor to discuss the pending waiver request and the next steps it should take
• Consult with the appropriate state-level authority to ensure the state maintains the level of effort required to comply with federal law
Office’s Response
The Office of Financial Management (OFM) does not concur with the finding and maintains that there are adequate internal controls in place to ensure compliance with federal requirements.
The finding was based on preliminary information and data that the auditors obtained in November 2023, despite our request to wait until the end of December 2023 when updated data would be available for submission to the Office of Elementary and Secondary Education (OESE).
The updated data we subsequently submitted to OESE was prepared in accordance with OESE guidance on maintenance of effort (MOE) requirements to correctly include every budgeted funding source in the MOE calculations. The updated data demonstrated that the state was successful in meeting MOE requirements for K-12 in FY23, which was the basis for reporting the final FY23 overall State spending data in the spring of 2024 per federal requirements. Because OFM met the MOE requirement for FY23, there is no need for a waiver request.
SAO’s assertion that our Office did not monitor data throughout the period is inaccurate. The Office maintains monthly monitoring details on agency expenditures. The expenditure data has not changed since the close of the fiscal year, but rather was compiled differently for reporting to OESE using the correct methodology prescribed by the grantor.
OFM will also continue to work with the Legislature, which is the state-level authority for state appropriations to ensure the state maintains the maintenance of effort requirements.
Auditor’s Remarks
The Office could not provide us with data required to perform the maintenance of effort calculations when we initially requested it in early November 2023 and confirmed no data had been pulled to determine whether the requirement had been met. While the Office appears to monitor monthly agency expenditure details, this was not done to determine if the state had met the maintenance of effort requirement. We acknowledge that the final report on the maintenance of effort would not be available until spring 2024. However, we will not test this report and only reviewed activities performed during the audit period to determine whether the state met the maintenance of effort requirements.
Once we were provided the necessary data to perform the calculations, it showed that the state did not meet the maintenance of effort requirements as of June 30, 2023. After we completed our testing, the Office notified us that the methodology used to determine what expenditures were allowable to include in the maintenance of effort calculations was updated. We understand the Office updated the methodology that was used when reporting data to the Office of Elementary and Secondary Education (OESE), however this methodology was changed over 6 months after the audit period was over.
We reaffirm our finding and will follow-up on the Office’s corrective actions in the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Coronavirus Response and Relief Supplemental Appropriations Act, 2021 (CRRSA Act) Sec. 317, states in part:
(a) At the time of award funds to carry out sections 312 or 313 of this title, a State shall provide assurances that such State will maintain support for elementary and secondary education (which shall include State funding to institutions of higher educations and state need-based financial aid, and shall not include support for capital projects or for research and development or tuition fees paid by students) in fiscal year 2022 at least at the proportional levels of such State’s support for elementary and secondary educations and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
(b) The Secretary may waive the requirement in subsection (a) for the purpose of relieving the fiscal burdens on State that have been experienced a precipitous decline in financial resources.
The American Rescue Plan Act of 2021, Section 2004. Maintenance of Effort and Maintenance of Equity, states in part:
I. State Maintenance of Effort. –
e. In general.–As a condition of receiving funds under sections 2001, a State shall maintain support for elementary and secondary education, and for higher education (which shall include state funding to institutions of higher education and State need-based financial aid, and shall not include support for capital projects or for research and development or tuition and fees paid by students), in each of fiscal years 2022 and 2023 at least at the proportional levels of such state’s support for elementary and secondary education and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
Waiver.—For the purpose of relieving fiscal burdens incurred by States in preventing, preparing for, and responding to the coronavirus, the Secretary of Education may waive any maintenance of effort requirements associated with the Education Stabilization Fund.
2023-038 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal reporting requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
84.425W COVID-19 American Rescue Plan – Elementary and Secondary Schools Emergency Relief Fund Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425V210012; S425U210015; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, for pass through to Local Education Agencies (LEAs). In fiscal year 2023, the state spent more than $1 billion in ESF federal funding.
The ESF program requires the Office to submit an annual performance report for the ESSER fund, with data on expenditures, planned expenditures, subrecipients, and uses of funds, including for mandatory reservations. Compliance testing of the annual performance report is only required for the following four key line items identified in the 2023 Compliance Supplement (Part 4 – Agency Program Requirements):
- Line 3.b1: LEA expenditures by ESSER subgrant fund, expenditure category and object code
- Line 3.b10: Number of specific positions supported with ESSER Funds
- Line 3.c: Allocation of ESSER funds to schools and criteria used to allocate them
- Line 5.a: Full-time equivalent positions
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal reporting requirements for the ESF program.
We reviewed the Office’s annual ESSER report, and found it did not submit any data related to the four key line items.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office did not have systems in place to collect the necessary data from LEAs to report on the four key line items. As a result, the Office did not collect the data from LEAs necessary to fulfill this requirement.
Effect of Condition
Failing to submit the required information diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Office:
• Establish effective internal controls to ensure that it collects the data necessary to submit the annual ESSER report
• Consult with the federal grantor to determine if it is necessary to revise and resubmit the report
Office’s Response
OSPI acknowledges that certain data reporting elements in the ESSER report were not submitted. We reject the notion that this was due to lack of internal controls. Instead, the absence of data was a result of several factors, including but not limited to the timing of the publishing of the final federal reporting template, and the span of time for which we were reporting costs. The final reporting template for this information was published after several revisions after the time frame in which we would have needed to communicate with districts the specific level of detail at which costs would need to be captured for this purpose. Since the time frame for reporting costs did not align with the school district fiscal year, there was no reasonable way that OSPI could have used annual financial reporting for an approximation of expenditures. OSPI was not comfortable in making broad statewide assumptions across multiple cost categories to report at a district-by-district level with a high degree of accuracy. In lieu or reporting information that based on state level assumptions that likely would have conflicted with actual school district level expenditures, OSPI made the decision to leave certain sections of the cost report blank.
In order to not have blank fields on future federal ESSER reporting, OSPI is organizing a series of webinars and trainings for districts so that they are prepared to report this information directly to OSPI for future federal reporting periods. Through these webinars, OSPI’s fiscal team can answer questions and assist districts with this reporting to ensure it is timely, accurate, and tells the district story instead of a statewide assumption of the district story.
We have been in ongoing conversation with ED regarding our federal reporting on ESSER funds. At this time, there is no indication that they will request that the information be reporting by districts and then resubmitted to the Feds. We have communicated our challenges, concerns, and proposed resolution to them regarding this issue. We do not have any specific outstanding data requests due to the feds on this issue, and we do not plan on resubmitting.
Auditor’s Remarks
We appreciate the Office’s commitment to resolving these issues. We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-037 The Office of Financial Management did not have adequate internal controls over and did not comply with federal level of effort requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS)
84.425W COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief –Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Level of Effort
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S Department of Education awarded ESF grants to the Office of Financial Management (Office), which then dispersed funds to the Office of Superintendent of Public Instruction for pass through to Local Education Agencies (LEAs). During fiscal year 2023, the state spent more than $1.03 billion in ESF federal funding.
The ESF program included a level of effort requirement to ensure states provided a minimum level of funding to LEAs based on prior years. Under the American Rescue Plan Act of 2021,
ESF recipients were required to meet a proportional amount of their state’s support for elementary and secondary education relative to their overall spending, averaged over fiscal years 2017, 2018 and 2019.
In fiscal year 2022, the state did not meet the proportional spending amount for K-12 education, but received a waiver for this requirement after the year had ended.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal level of effort requirements for the ESF program.
The Office did not perform the calculations required to monitor the level of effort requirements for the ESF program during fiscal year 2023. After the year was over, the Office determined that the fiscal year 2023 expenditures did not meet the level of effort requirement.
When compared to overall state spending, the average amount of state spending on elementary and secondary education for fiscal years 2017, 2018 and 2019 totaled 49.35 percent of the state’s budget. The state was required to spend at least this percentage toward education in fiscal year 2023. However, the state only expended 42.99 percent of total state spending on education, meaning the level of effort requirement was not met by about 6.36 percent, or $2,103,004,922.
In fiscal year 2022, the Office submitted a waiver request to the U.S. Department of Education for fiscal years 2022 and 2023. However, the U.S. Department of Education did not approve the waiver for fiscal year 2023.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
In response to the effects of the COVID-19 pandemic, the Legislature approved a 2021-23 state budget that spent proportionally more on social supports like food, rent and medical services than in prior years. Further, some state revenues declined between fiscal years 2020 and 2022 due to restrictions included in the Governor’s pandemic-related emergency proclamations that were intended to slow the spread of COVID-19. These changes, as well as directives to achieve state spending reductions, resulted in not meeting the ESF program’s level of effort requirement because the state budget allocated less funding to elementary and secondary education than the average of the previous three fiscal years.
Effect of Condition
By not establishing adequate internal controls, the Office cannot ensure the state is meeting the federal level of effort requirement for the ESF program. In addition, receiving a waiver from the U.S. Department of Education for this requirement is not guaranteed, and the waiver submitted for 2023 was not approved while the 2022 waiver was. By not complying with federal requirements, the Office risks having to repay federal funds or having future federal funds withheld.
Recommendation
We recommend the Office:
• Consult with the grantor to discuss the pending waiver request and the next steps it should take
• Consult with the appropriate state-level authority to ensure the state maintains the level of effort required to comply with federal law
Office’s Response
The Office of Financial Management (OFM) does not concur with the finding and maintains that there are adequate internal controls in place to ensure compliance with federal requirements.
The finding was based on preliminary information and data that the auditors obtained in November 2023, despite our request to wait until the end of December 2023 when updated data would be available for submission to the Office of Elementary and Secondary Education (OESE).
The updated data we subsequently submitted to OESE was prepared in accordance with OESE guidance on maintenance of effort (MOE) requirements to correctly include every budgeted funding source in the MOE calculations. The updated data demonstrated that the state was successful in meeting MOE requirements for K-12 in FY23, which was the basis for reporting the final FY23 overall State spending data in the spring of 2024 per federal requirements. Because OFM met the MOE requirement for FY23, there is no need for a waiver request.
SAO’s assertion that our Office did not monitor data throughout the period is inaccurate. The Office maintains monthly monitoring details on agency expenditures. The expenditure data has not changed since the close of the fiscal year, but rather was compiled differently for reporting to OESE using the correct methodology prescribed by the grantor.
OFM will also continue to work with the Legislature, which is the state-level authority for state appropriations to ensure the state maintains the maintenance of effort requirements.
Auditor’s Remarks
The Office could not provide us with data required to perform the maintenance of effort calculations when we initially requested it in early November 2023 and confirmed no data had been pulled to determine whether the requirement had been met. While the Office appears to monitor monthly agency expenditure details, this was not done to determine if the state had met the maintenance of effort requirement. We acknowledge that the final report on the maintenance of effort would not be available until spring 2024. However, we will not test this report and only reviewed activities performed during the audit period to determine whether the state met the maintenance of effort requirements.
Once we were provided the necessary data to perform the calculations, it showed that the state did not meet the maintenance of effort requirements as of June 30, 2023. After we completed our testing, the Office notified us that the methodology used to determine what expenditures were allowable to include in the maintenance of effort calculations was updated. We understand the Office updated the methodology that was used when reporting data to the Office of Elementary and Secondary Education (OESE), however this methodology was changed over 6 months after the audit period was over.
We reaffirm our finding and will follow-up on the Office’s corrective actions in the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Coronavirus Response and Relief Supplemental Appropriations Act, 2021 (CRRSA Act) Sec. 317, states in part:
(a) At the time of award funds to carry out sections 312 or 313 of this title, a State shall provide assurances that such State will maintain support for elementary and secondary education (which shall include State funding to institutions of higher educations and state need-based financial aid, and shall not include support for capital projects or for research and development or tuition fees paid by students) in fiscal year 2022 at least at the proportional levels of such State’s support for elementary and secondary educations and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
(b) The Secretary may waive the requirement in subsection (a) for the purpose of relieving the fiscal burdens on State that have been experienced a precipitous decline in financial resources.
The American Rescue Plan Act of 2021, Section 2004. Maintenance of Effort and Maintenance of Equity, states in part:
I. State Maintenance of Effort. –
e. In general.–As a condition of receiving funds under sections 2001, a State shall maintain support for elementary and secondary education, and for higher education (which shall include state funding to institutions of higher education and State need-based financial aid, and shall not include support for capital projects or for research and development or tuition and fees paid by students), in each of fiscal years 2022 and 2023 at least at the proportional levels of such state’s support for elementary and secondary education and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
Waiver.—For the purpose of relieving fiscal burdens incurred by States in preventing, preparing for, and responding to the coronavirus, the Secretary of Education may waive any maintenance of effort requirements associated with the Education Stabilization Fund.
2023-038 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal reporting requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
84.425W COVID-19 American Rescue Plan – Elementary and Secondary Schools Emergency Relief Fund Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425V210012; S425U210015; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, for pass through to Local Education Agencies (LEAs). In fiscal year 2023, the state spent more than $1 billion in ESF federal funding.
The ESF program requires the Office to submit an annual performance report for the ESSER fund, with data on expenditures, planned expenditures, subrecipients, and uses of funds, including for mandatory reservations. Compliance testing of the annual performance report is only required for the following four key line items identified in the 2023 Compliance Supplement (Part 4 – Agency Program Requirements):
- Line 3.b1: LEA expenditures by ESSER subgrant fund, expenditure category and object code
- Line 3.b10: Number of specific positions supported with ESSER Funds
- Line 3.c: Allocation of ESSER funds to schools and criteria used to allocate them
- Line 5.a: Full-time equivalent positions
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal reporting requirements for the ESF program.
We reviewed the Office’s annual ESSER report, and found it did not submit any data related to the four key line items.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office did not have systems in place to collect the necessary data from LEAs to report on the four key line items. As a result, the Office did not collect the data from LEAs necessary to fulfill this requirement.
Effect of Condition
Failing to submit the required information diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Office:
• Establish effective internal controls to ensure that it collects the data necessary to submit the annual ESSER report
• Consult with the federal grantor to determine if it is necessary to revise and resubmit the report
Office’s Response
OSPI acknowledges that certain data reporting elements in the ESSER report were not submitted. We reject the notion that this was due to lack of internal controls. Instead, the absence of data was a result of several factors, including but not limited to the timing of the publishing of the final federal reporting template, and the span of time for which we were reporting costs. The final reporting template for this information was published after several revisions after the time frame in which we would have needed to communicate with districts the specific level of detail at which costs would need to be captured for this purpose. Since the time frame for reporting costs did not align with the school district fiscal year, there was no reasonable way that OSPI could have used annual financial reporting for an approximation of expenditures. OSPI was not comfortable in making broad statewide assumptions across multiple cost categories to report at a district-by-district level with a high degree of accuracy. In lieu or reporting information that based on state level assumptions that likely would have conflicted with actual school district level expenditures, OSPI made the decision to leave certain sections of the cost report blank.
In order to not have blank fields on future federal ESSER reporting, OSPI is organizing a series of webinars and trainings for districts so that they are prepared to report this information directly to OSPI for future federal reporting periods. Through these webinars, OSPI’s fiscal team can answer questions and assist districts with this reporting to ensure it is timely, accurate, and tells the district story instead of a statewide assumption of the district story.
We have been in ongoing conversation with ED regarding our federal reporting on ESSER funds. At this time, there is no indication that they will request that the information be reporting by districts and then resubmitted to the Feds. We have communicated our challenges, concerns, and proposed resolution to them regarding this issue. We do not have any specific outstanding data requests due to the feds on this issue, and we do not plan on resubmitting.
Auditor’s Remarks
We appreciate the Office’s commitment to resolving these issues. We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-037 The Office of Financial Management did not have adequate internal controls over and did not comply with federal level of effort requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS)
84.425W COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief –Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Level of Effort
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S Department of Education awarded ESF grants to the Office of Financial Management (Office), which then dispersed funds to the Office of Superintendent of Public Instruction for pass through to Local Education Agencies (LEAs). During fiscal year 2023, the state spent more than $1.03 billion in ESF federal funding.
The ESF program included a level of effort requirement to ensure states provided a minimum level of funding to LEAs based on prior years. Under the American Rescue Plan Act of 2021,
ESF recipients were required to meet a proportional amount of their state’s support for elementary and secondary education relative to their overall spending, averaged over fiscal years 2017, 2018 and 2019.
In fiscal year 2022, the state did not meet the proportional spending amount for K-12 education, but received a waiver for this requirement after the year had ended.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal level of effort requirements for the ESF program.
The Office did not perform the calculations required to monitor the level of effort requirements for the ESF program during fiscal year 2023. After the year was over, the Office determined that the fiscal year 2023 expenditures did not meet the level of effort requirement.
When compared to overall state spending, the average amount of state spending on elementary and secondary education for fiscal years 2017, 2018 and 2019 totaled 49.35 percent of the state’s budget. The state was required to spend at least this percentage toward education in fiscal year 2023. However, the state only expended 42.99 percent of total state spending on education, meaning the level of effort requirement was not met by about 6.36 percent, or $2,103,004,922.
In fiscal year 2022, the Office submitted a waiver request to the U.S. Department of Education for fiscal years 2022 and 2023. However, the U.S. Department of Education did not approve the waiver for fiscal year 2023.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
In response to the effects of the COVID-19 pandemic, the Legislature approved a 2021-23 state budget that spent proportionally more on social supports like food, rent and medical services than in prior years. Further, some state revenues declined between fiscal years 2020 and 2022 due to restrictions included in the Governor’s pandemic-related emergency proclamations that were intended to slow the spread of COVID-19. These changes, as well as directives to achieve state spending reductions, resulted in not meeting the ESF program’s level of effort requirement because the state budget allocated less funding to elementary and secondary education than the average of the previous three fiscal years.
Effect of Condition
By not establishing adequate internal controls, the Office cannot ensure the state is meeting the federal level of effort requirement for the ESF program. In addition, receiving a waiver from the U.S. Department of Education for this requirement is not guaranteed, and the waiver submitted for 2023 was not approved while the 2022 waiver was. By not complying with federal requirements, the Office risks having to repay federal funds or having future federal funds withheld.
Recommendation
We recommend the Office:
• Consult with the grantor to discuss the pending waiver request and the next steps it should take
• Consult with the appropriate state-level authority to ensure the state maintains the level of effort required to comply with federal law
Office’s Response
The Office of Financial Management (OFM) does not concur with the finding and maintains that there are adequate internal controls in place to ensure compliance with federal requirements.
The finding was based on preliminary information and data that the auditors obtained in November 2023, despite our request to wait until the end of December 2023 when updated data would be available for submission to the Office of Elementary and Secondary Education (OESE).
The updated data we subsequently submitted to OESE was prepared in accordance with OESE guidance on maintenance of effort (MOE) requirements to correctly include every budgeted funding source in the MOE calculations. The updated data demonstrated that the state was successful in meeting MOE requirements for K-12 in FY23, which was the basis for reporting the final FY23 overall State spending data in the spring of 2024 per federal requirements. Because OFM met the MOE requirement for FY23, there is no need for a waiver request.
SAO’s assertion that our Office did not monitor data throughout the period is inaccurate. The Office maintains monthly monitoring details on agency expenditures. The expenditure data has not changed since the close of the fiscal year, but rather was compiled differently for reporting to OESE using the correct methodology prescribed by the grantor.
OFM will also continue to work with the Legislature, which is the state-level authority for state appropriations to ensure the state maintains the maintenance of effort requirements.
Auditor’s Remarks
The Office could not provide us with data required to perform the maintenance of effort calculations when we initially requested it in early November 2023 and confirmed no data had been pulled to determine whether the requirement had been met. While the Office appears to monitor monthly agency expenditure details, this was not done to determine if the state had met the maintenance of effort requirement. We acknowledge that the final report on the maintenance of effort would not be available until spring 2024. However, we will not test this report and only reviewed activities performed during the audit period to determine whether the state met the maintenance of effort requirements.
Once we were provided the necessary data to perform the calculations, it showed that the state did not meet the maintenance of effort requirements as of June 30, 2023. After we completed our testing, the Office notified us that the methodology used to determine what expenditures were allowable to include in the maintenance of effort calculations was updated. We understand the Office updated the methodology that was used when reporting data to the Office of Elementary and Secondary Education (OESE), however this methodology was changed over 6 months after the audit period was over.
We reaffirm our finding and will follow-up on the Office’s corrective actions in the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Coronavirus Response and Relief Supplemental Appropriations Act, 2021 (CRRSA Act) Sec. 317, states in part:
(a) At the time of award funds to carry out sections 312 or 313 of this title, a State shall provide assurances that such State will maintain support for elementary and secondary education (which shall include State funding to institutions of higher educations and state need-based financial aid, and shall not include support for capital projects or for research and development or tuition fees paid by students) in fiscal year 2022 at least at the proportional levels of such State’s support for elementary and secondary educations and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
(b) The Secretary may waive the requirement in subsection (a) for the purpose of relieving the fiscal burdens on State that have been experienced a precipitous decline in financial resources.
The American Rescue Plan Act of 2021, Section 2004. Maintenance of Effort and Maintenance of Equity, states in part:
I. State Maintenance of Effort. –
e. In general.–As a condition of receiving funds under sections 2001, a State shall maintain support for elementary and secondary education, and for higher education (which shall include state funding to institutions of higher education and State need-based financial aid, and shall not include support for capital projects or for research and development or tuition and fees paid by students), in each of fiscal years 2022 and 2023 at least at the proportional levels of such state’s support for elementary and secondary education and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
Waiver.—For the purpose of relieving fiscal burdens incurred by States in preventing, preparing for, and responding to the coronavirus, the Secretary of Education may waive any maintenance of effort requirements associated with the Education Stabilization Fund.
2023-038 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal reporting requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
84.425W COVID-19 American Rescue Plan – Elementary and Secondary Schools Emergency Relief Fund Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425V210012; S425U210015; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, for pass through to Local Education Agencies (LEAs). In fiscal year 2023, the state spent more than $1 billion in ESF federal funding.
The ESF program requires the Office to submit an annual performance report for the ESSER fund, with data on expenditures, planned expenditures, subrecipients, and uses of funds, including for mandatory reservations. Compliance testing of the annual performance report is only required for the following four key line items identified in the 2023 Compliance Supplement (Part 4 – Agency Program Requirements):
- Line 3.b1: LEA expenditures by ESSER subgrant fund, expenditure category and object code
- Line 3.b10: Number of specific positions supported with ESSER Funds
- Line 3.c: Allocation of ESSER funds to schools and criteria used to allocate them
- Line 5.a: Full-time equivalent positions
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal reporting requirements for the ESF program.
We reviewed the Office’s annual ESSER report, and found it did not submit any data related to the four key line items.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office did not have systems in place to collect the necessary data from LEAs to report on the four key line items. As a result, the Office did not collect the data from LEAs necessary to fulfill this requirement.
Effect of Condition
Failing to submit the required information diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Office:
• Establish effective internal controls to ensure that it collects the data necessary to submit the annual ESSER report
• Consult with the federal grantor to determine if it is necessary to revise and resubmit the report
Office’s Response
OSPI acknowledges that certain data reporting elements in the ESSER report were not submitted. We reject the notion that this was due to lack of internal controls. Instead, the absence of data was a result of several factors, including but not limited to the timing of the publishing of the final federal reporting template, and the span of time for which we were reporting costs. The final reporting template for this information was published after several revisions after the time frame in which we would have needed to communicate with districts the specific level of detail at which costs would need to be captured for this purpose. Since the time frame for reporting costs did not align with the school district fiscal year, there was no reasonable way that OSPI could have used annual financial reporting for an approximation of expenditures. OSPI was not comfortable in making broad statewide assumptions across multiple cost categories to report at a district-by-district level with a high degree of accuracy. In lieu or reporting information that based on state level assumptions that likely would have conflicted with actual school district level expenditures, OSPI made the decision to leave certain sections of the cost report blank.
In order to not have blank fields on future federal ESSER reporting, OSPI is organizing a series of webinars and trainings for districts so that they are prepared to report this information directly to OSPI for future federal reporting periods. Through these webinars, OSPI’s fiscal team can answer questions and assist districts with this reporting to ensure it is timely, accurate, and tells the district story instead of a statewide assumption of the district story.
We have been in ongoing conversation with ED regarding our federal reporting on ESSER funds. At this time, there is no indication that they will request that the information be reporting by districts and then resubmitted to the Feds. We have communicated our challenges, concerns, and proposed resolution to them regarding this issue. We do not have any specific outstanding data requests due to the feds on this issue, and we do not plan on resubmitting.
Auditor’s Remarks
We appreciate the Office’s commitment to resolving these issues. We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-037 The Office of Financial Management did not have adequate internal controls over and did not comply with federal level of effort requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS)
84.425W COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief –Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Level of Effort
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S Department of Education awarded ESF grants to the Office of Financial Management (Office), which then dispersed funds to the Office of Superintendent of Public Instruction for pass through to Local Education Agencies (LEAs). During fiscal year 2023, the state spent more than $1.03 billion in ESF federal funding.
The ESF program included a level of effort requirement to ensure states provided a minimum level of funding to LEAs based on prior years. Under the American Rescue Plan Act of 2021,
ESF recipients were required to meet a proportional amount of their state’s support for elementary and secondary education relative to their overall spending, averaged over fiscal years 2017, 2018 and 2019.
In fiscal year 2022, the state did not meet the proportional spending amount for K-12 education, but received a waiver for this requirement after the year had ended.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal level of effort requirements for the ESF program.
The Office did not perform the calculations required to monitor the level of effort requirements for the ESF program during fiscal year 2023. After the year was over, the Office determined that the fiscal year 2023 expenditures did not meet the level of effort requirement.
When compared to overall state spending, the average amount of state spending on elementary and secondary education for fiscal years 2017, 2018 and 2019 totaled 49.35 percent of the state’s budget. The state was required to spend at least this percentage toward education in fiscal year 2023. However, the state only expended 42.99 percent of total state spending on education, meaning the level of effort requirement was not met by about 6.36 percent, or $2,103,004,922.
In fiscal year 2022, the Office submitted a waiver request to the U.S. Department of Education for fiscal years 2022 and 2023. However, the U.S. Department of Education did not approve the waiver for fiscal year 2023.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
In response to the effects of the COVID-19 pandemic, the Legislature approved a 2021-23 state budget that spent proportionally more on social supports like food, rent and medical services than in prior years. Further, some state revenues declined between fiscal years 2020 and 2022 due to restrictions included in the Governor’s pandemic-related emergency proclamations that were intended to slow the spread of COVID-19. These changes, as well as directives to achieve state spending reductions, resulted in not meeting the ESF program’s level of effort requirement because the state budget allocated less funding to elementary and secondary education than the average of the previous three fiscal years.
Effect of Condition
By not establishing adequate internal controls, the Office cannot ensure the state is meeting the federal level of effort requirement for the ESF program. In addition, receiving a waiver from the U.S. Department of Education for this requirement is not guaranteed, and the waiver submitted for 2023 was not approved while the 2022 waiver was. By not complying with federal requirements, the Office risks having to repay federal funds or having future federal funds withheld.
Recommendation
We recommend the Office:
• Consult with the grantor to discuss the pending waiver request and the next steps it should take
• Consult with the appropriate state-level authority to ensure the state maintains the level of effort required to comply with federal law
Office’s Response
The Office of Financial Management (OFM) does not concur with the finding and maintains that there are adequate internal controls in place to ensure compliance with federal requirements.
The finding was based on preliminary information and data that the auditors obtained in November 2023, despite our request to wait until the end of December 2023 when updated data would be available for submission to the Office of Elementary and Secondary Education (OESE).
The updated data we subsequently submitted to OESE was prepared in accordance with OESE guidance on maintenance of effort (MOE) requirements to correctly include every budgeted funding source in the MOE calculations. The updated data demonstrated that the state was successful in meeting MOE requirements for K-12 in FY23, which was the basis for reporting the final FY23 overall State spending data in the spring of 2024 per federal requirements. Because OFM met the MOE requirement for FY23, there is no need for a waiver request.
SAO’s assertion that our Office did not monitor data throughout the period is inaccurate. The Office maintains monthly monitoring details on agency expenditures. The expenditure data has not changed since the close of the fiscal year, but rather was compiled differently for reporting to OESE using the correct methodology prescribed by the grantor.
OFM will also continue to work with the Legislature, which is the state-level authority for state appropriations to ensure the state maintains the maintenance of effort requirements.
Auditor’s Remarks
The Office could not provide us with data required to perform the maintenance of effort calculations when we initially requested it in early November 2023 and confirmed no data had been pulled to determine whether the requirement had been met. While the Office appears to monitor monthly agency expenditure details, this was not done to determine if the state had met the maintenance of effort requirement. We acknowledge that the final report on the maintenance of effort would not be available until spring 2024. However, we will not test this report and only reviewed activities performed during the audit period to determine whether the state met the maintenance of effort requirements.
Once we were provided the necessary data to perform the calculations, it showed that the state did not meet the maintenance of effort requirements as of June 30, 2023. After we completed our testing, the Office notified us that the methodology used to determine what expenditures were allowable to include in the maintenance of effort calculations was updated. We understand the Office updated the methodology that was used when reporting data to the Office of Elementary and Secondary Education (OESE), however this methodology was changed over 6 months after the audit period was over.
We reaffirm our finding and will follow-up on the Office’s corrective actions in the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Coronavirus Response and Relief Supplemental Appropriations Act, 2021 (CRRSA Act) Sec. 317, states in part:
(a) At the time of award funds to carry out sections 312 or 313 of this title, a State shall provide assurances that such State will maintain support for elementary and secondary education (which shall include State funding to institutions of higher educations and state need-based financial aid, and shall not include support for capital projects or for research and development or tuition fees paid by students) in fiscal year 2022 at least at the proportional levels of such State’s support for elementary and secondary educations and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
(b) The Secretary may waive the requirement in subsection (a) for the purpose of relieving the fiscal burdens on State that have been experienced a precipitous decline in financial resources.
The American Rescue Plan Act of 2021, Section 2004. Maintenance of Effort and Maintenance of Equity, states in part:
I. State Maintenance of Effort. –
e. In general.–As a condition of receiving funds under sections 2001, a State shall maintain support for elementary and secondary education, and for higher education (which shall include state funding to institutions of higher education and State need-based financial aid, and shall not include support for capital projects or for research and development or tuition and fees paid by students), in each of fiscal years 2022 and 2023 at least at the proportional levels of such state’s support for elementary and secondary education and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
Waiver.—For the purpose of relieving fiscal burdens incurred by States in preventing, preparing for, and responding to the coronavirus, the Secretary of Education may waive any maintenance of effort requirements associated with the Education Stabilization Fund.
2023-038 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal reporting requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
84.425W COVID-19 American Rescue Plan – Elementary and Secondary Schools Emergency Relief Fund Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425V210012; S425U210015; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, for pass through to Local Education Agencies (LEAs). In fiscal year 2023, the state spent more than $1 billion in ESF federal funding.
The ESF program requires the Office to submit an annual performance report for the ESSER fund, with data on expenditures, planned expenditures, subrecipients, and uses of funds, including for mandatory reservations. Compliance testing of the annual performance report is only required for the following four key line items identified in the 2023 Compliance Supplement (Part 4 – Agency Program Requirements):
- Line 3.b1: LEA expenditures by ESSER subgrant fund, expenditure category and object code
- Line 3.b10: Number of specific positions supported with ESSER Funds
- Line 3.c: Allocation of ESSER funds to schools and criteria used to allocate them
- Line 5.a: Full-time equivalent positions
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal reporting requirements for the ESF program.
We reviewed the Office’s annual ESSER report, and found it did not submit any data related to the four key line items.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office did not have systems in place to collect the necessary data from LEAs to report on the four key line items. As a result, the Office did not collect the data from LEAs necessary to fulfill this requirement.
Effect of Condition
Failing to submit the required information diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Office:
• Establish effective internal controls to ensure that it collects the data necessary to submit the annual ESSER report
• Consult with the federal grantor to determine if it is necessary to revise and resubmit the report
Office’s Response
OSPI acknowledges that certain data reporting elements in the ESSER report were not submitted. We reject the notion that this was due to lack of internal controls. Instead, the absence of data was a result of several factors, including but not limited to the timing of the publishing of the final federal reporting template, and the span of time for which we were reporting costs. The final reporting template for this information was published after several revisions after the time frame in which we would have needed to communicate with districts the specific level of detail at which costs would need to be captured for this purpose. Since the time frame for reporting costs did not align with the school district fiscal year, there was no reasonable way that OSPI could have used annual financial reporting for an approximation of expenditures. OSPI was not comfortable in making broad statewide assumptions across multiple cost categories to report at a district-by-district level with a high degree of accuracy. In lieu or reporting information that based on state level assumptions that likely would have conflicted with actual school district level expenditures, OSPI made the decision to leave certain sections of the cost report blank.
In order to not have blank fields on future federal ESSER reporting, OSPI is organizing a series of webinars and trainings for districts so that they are prepared to report this information directly to OSPI for future federal reporting periods. Through these webinars, OSPI’s fiscal team can answer questions and assist districts with this reporting to ensure it is timely, accurate, and tells the district story instead of a statewide assumption of the district story.
We have been in ongoing conversation with ED regarding our federal reporting on ESSER funds. At this time, there is no indication that they will request that the information be reporting by districts and then resubmitted to the Feds. We have communicated our challenges, concerns, and proposed resolution to them regarding this issue. We do not have any specific outstanding data requests due to the feds on this issue, and we do not plan on resubmitting.
Auditor’s Remarks
We appreciate the Office’s commitment to resolving these issues. We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-044 The Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 6NH231IP922619-04-01; 5 NH23IP922619-04-00;6 NH23IP922619-02-04;
6 NH23IP922619-02-06; 6 NH23IP922619-02-03; 6 NH23IP922619-02-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $416,027
Prior Year Audit Finding: Yes, Finding 2022-031
Background
The Department of Health administers the Immunization Cooperative Agreements program, which aims to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. Emphasis is placed on populations at highest risk for underimmunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2023, the Department spent more than $24.6 million in federal program funds, about $8.5 million of which it disbursed to subrecipients. The Department also received more than $97.6 million in non-cash assistance from the federal grantor in the form of vaccines.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. The periods for this program are July 1 through June 30 of the associated fiscal year. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials and supplies
• Meals
• Outreach materials
• Travel
• Training
• Contracts
• Sub-subrecipients
• Administrative/indirect costs
During the audit period, subrecipients submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The accounting unit emailed the requests to Department program staff requesting review to ensure the payment was allowable and within the period of performance. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable, met cost principles and were within the period of performance for the program. The prior finding number was 2022-031.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payment. As a result, the Department paid the subrecipients without knowing whether these expenditures had been reviewed and approved by program staff.
We used a statistical sampling method to randomly select and examine 56 out of 681 provider payments. Additionally, we judgmentally reviewed two individually significant payments that exceeded $476,000 each. In total, we examined more than $2.4 million in provider payments as part of the audit. Of the 58 payments examined, we identified seven payments (12.5 percent) and one individually significant payment that did not have the required supporting documentation for the subrecipients’ assigned risk level.
In addition, we judgmentally selected and examined six high-risk transactions out of a population of 1,293 expenditures charged to the federal fiscal year 2023 award that opened during the audit period. We found four expenditures that were improperly charged to the grant because the activity occurred before the period of performance.
We also judgmentally selected and examined two out of a population of 167 expenditures charged to the federal fiscal year 2022 award that closed during the audit period. We found one expenditure was improperly charged to the grant because the activity occurred after the period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying providers without ensuring program staff reviewed and determined the payment was allowable, within the period of performance, and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures.
Additionally, the Department did not ensure that expenditures that were cost allocated and directly charged during the opening and closing of awards were within the award’s period of performance.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes and within the period of performance. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The eight payments for which the Department did not have required supporting documentation from subrecipients totaled $404,592 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $588,502.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
For the federal fiscal year award 2023 that opened during the audit period, we identified questioned costs totaling $3,852.
For the federal fiscal year 2022 award that closed during our audit period, we identified questioned costs totaling $7,583.
In total, we identified $416,027 in known federal questioned costs and $599,937 in likely questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them
• Improve internal controls to ensure program staff review, approve, and communicate approval of expenditures to those issuing payment to verify they are for allowable activities and within the period of performance prior to payment
• Improve its internal controls to ensure expenditures charged at the beginning and end of an award are within the period of performance
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
We appreciate the State Auditor’s Office audit of the Immunizations grant. DOH is committed to ensuring our programs comply with federal regulations. The Department does not concur with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff now document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program Immunization staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction, document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
We do not concur with several of the exceptions and questioned costs identified. The Department believes there was a lack of understanding of DOH process related to allocation of space costs and how overtime is earned and accounted for according the Collective Bargaining Agreement. Additionally, while in some instances the level of support did not meet our internal policies, which are held to a higher standard than federal requirements, the level of documentation received from the subrecipient accounting system gave us assurance that the transactions/costs questioned met federal cost principles for allowability and period of performance. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments:
• The Immunization program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted.
• The Immunization program refer to the federal Immunization Program Operations Manual (IPOM) to determine allowable costs, purchase, and procurement procedures. •The Fiscal Monitoring Unit provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding.
• The Immunizations program provides technical assistance, policies, and training to Immunization subrecipients related to both allowability and compliance.
• The Immunizations program has continued to strengthen processes to ensure that the backup documentation received is in alignment with the agency’s documentation matrix for sub-recipients per their risk level.
Auditor’s Remarks
While management has implemented a new procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
The Department did not concur with some of the identified exceptions and stated it believed it was due to our Office’s lack of understanding of their processes. This assertion is not accurate. We understand their processes, but four of the exceptions were payments for services that occurred prior to the grant being open (expenses were for the month of June 2022, but the award opened July 1, 2022. These four exceptions included the “allocation of space costs and how overtime is earned and accounted for” referred to in the Department’s response. These exceptions were discussed in detail with the Department and during these discussions the Department mistakenly asserted that the time of payment was what determined compliance, not when the activity occurred. This is not correct and may be part of why the Department did not concur with the exceptions.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/22
This is the backup documentation required based on the determined risk level. More supporting documentation may be requested by programs at any time regardless of risk category. Please review your statement of work to determine if there are additional documentation requirements.
NOTE:
Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
If the subrecipient is using 10% de minimis they must complete DOH de minimis certification
2023-045 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6NH23IP922619-04-01; 5NH23IP922619-04-00; 6NH23IP922619-02-04; 6NH23IP922619-02-06; 6NH23IP922619-02-03; 6NH23IP922619-02-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-032
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. Emphasis is placed on populations at highest risk for under immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2023, the Department spent more than
$24.6 million in federal program funds, about $8.5 million of which it disbursed to subrecipients. The Department also received more than $97.6 million in non-cash assistance from the federal grantor in the form of vaccines.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower people with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward or amendment is executed, Department staff update a spreadsheet throughout the month with the subaward information required for reporting. Staff then send the spreadsheet to management for approval before submitting the report. The Department was required to report 36 subawards and amendments in fiscal year 2023, totaling $20,915,787.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate controls over and did not comply with requirements to ensure it filed reports required by the Act for the Immunization program. The prior finding number was 2022-32.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act for the Immunization program.
During the first three months of the audit period, management did not review the reports prior to submission. During this period, the Department executed 30 out of the 36 subawards and amendments (83 percent) totaling $17,474,404, which represented 84 percent of the total amount obligated in the fiscal year.
We used a non-statistical sampling method to randomly select and examine nine out of the total population of 36 subawards and amendments. We found:
• Five of the nine subawards and amendments (56 percent) were not reported timely.
• One of the nine subawards (11 percent) contained an incorrect Unique Entity ID (UEI), subawardee name and address.
We consider this internal control deficiency to be a material weakness that led to material noncompliance.
Cause of Condition
For the first three months of the audit period, when most of the subawards were executed, the Department did not have procedures in place to ensure management did an adequate review of the reports—and documented that it occurred—before submitting them in FSRS. Furthermore, Department officials acknowledged that for the first part of the year, staff did not use the signature date as the obligation date, which resulted in reports being submitted late. Department officials also said the amendments were submitted late because they did not have the UEIs for the subawardees, which are required to complete the submission.
Effect of Condition
Without performing an adequate review, management cannot ensure the Department submits accurate, complete and timely reports. Furthermore, failing to submit complete, accurate and timely reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Lastly, the terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendation
We recommend the Department ensure management reviews required reports to ensure they are accurate and complete before submission.
Department’s Response
We appreciate the State Auditor’s Office audit of the immunization grant. DOH is committed to ensuring our programs comply with federal regulations. As a result of the prior year’s recommendation the Department put procedures in place to address the identified exceptions. Unfortunately, the procedures were not in place for a portion of the fiscal year due to the timing of the audit and when issues were identified. Moving forward with current controls in place, this should eliminate these errors from occurring in the future.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
1. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-044 The Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 6NH231IP922619-04-01; 5 NH23IP922619-04-00;6 NH23IP922619-02-04;
6 NH23IP922619-02-06; 6 NH23IP922619-02-03; 6 NH23IP922619-02-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $416,027
Prior Year Audit Finding: Yes, Finding 2022-031
Background
The Department of Health administers the Immunization Cooperative Agreements program, which aims to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. Emphasis is placed on populations at highest risk for underimmunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2023, the Department spent more than $24.6 million in federal program funds, about $8.5 million of which it disbursed to subrecipients. The Department also received more than $97.6 million in non-cash assistance from the federal grantor in the form of vaccines.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. The periods for this program are July 1 through June 30 of the associated fiscal year. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials and supplies
• Meals
• Outreach materials
• Travel
• Training
• Contracts
• Sub-subrecipients
• Administrative/indirect costs
During the audit period, subrecipients submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The accounting unit emailed the requests to Department program staff requesting review to ensure the payment was allowable and within the period of performance. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable, met cost principles and were within the period of performance for the program. The prior finding number was 2022-031.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payment. As a result, the Department paid the subrecipients without knowing whether these expenditures had been reviewed and approved by program staff.
We used a statistical sampling method to randomly select and examine 56 out of 681 provider payments. Additionally, we judgmentally reviewed two individually significant payments that exceeded $476,000 each. In total, we examined more than $2.4 million in provider payments as part of the audit. Of the 58 payments examined, we identified seven payments (12.5 percent) and one individually significant payment that did not have the required supporting documentation for the subrecipients’ assigned risk level.
In addition, we judgmentally selected and examined six high-risk transactions out of a population of 1,293 expenditures charged to the federal fiscal year 2023 award that opened during the audit period. We found four expenditures that were improperly charged to the grant because the activity occurred before the period of performance.
We also judgmentally selected and examined two out of a population of 167 expenditures charged to the federal fiscal year 2022 award that closed during the audit period. We found one expenditure was improperly charged to the grant because the activity occurred after the period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying providers without ensuring program staff reviewed and determined the payment was allowable, within the period of performance, and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures.
Additionally, the Department did not ensure that expenditures that were cost allocated and directly charged during the opening and closing of awards were within the award’s period of performance.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes and within the period of performance. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The eight payments for which the Department did not have required supporting documentation from subrecipients totaled $404,592 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $588,502.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
For the federal fiscal year award 2023 that opened during the audit period, we identified questioned costs totaling $3,852.
For the federal fiscal year 2022 award that closed during our audit period, we identified questioned costs totaling $7,583.
In total, we identified $416,027 in known federal questioned costs and $599,937 in likely questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them
• Improve internal controls to ensure program staff review, approve, and communicate approval of expenditures to those issuing payment to verify they are for allowable activities and within the period of performance prior to payment
• Improve its internal controls to ensure expenditures charged at the beginning and end of an award are within the period of performance
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
We appreciate the State Auditor’s Office audit of the Immunizations grant. DOH is committed to ensuring our programs comply with federal regulations. The Department does not concur with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff now document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program Immunization staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction, document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
We do not concur with several of the exceptions and questioned costs identified. The Department believes there was a lack of understanding of DOH process related to allocation of space costs and how overtime is earned and accounted for according the Collective Bargaining Agreement. Additionally, while in some instances the level of support did not meet our internal policies, which are held to a higher standard than federal requirements, the level of documentation received from the subrecipient accounting system gave us assurance that the transactions/costs questioned met federal cost principles for allowability and period of performance. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments:
• The Immunization program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted.
• The Immunization program refer to the federal Immunization Program Operations Manual (IPOM) to determine allowable costs, purchase, and procurement procedures. •The Fiscal Monitoring Unit provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding.
• The Immunizations program provides technical assistance, policies, and training to Immunization subrecipients related to both allowability and compliance.
• The Immunizations program has continued to strengthen processes to ensure that the backup documentation received is in alignment with the agency’s documentation matrix for sub-recipients per their risk level.
Auditor’s Remarks
While management has implemented a new procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
The Department did not concur with some of the identified exceptions and stated it believed it was due to our Office’s lack of understanding of their processes. This assertion is not accurate. We understand their processes, but four of the exceptions were payments for services that occurred prior to the grant being open (expenses were for the month of June 2022, but the award opened July 1, 2022. These four exceptions included the “allocation of space costs and how overtime is earned and accounted for” referred to in the Department’s response. These exceptions were discussed in detail with the Department and during these discussions the Department mistakenly asserted that the time of payment was what determined compliance, not when the activity occurred. This is not correct and may be part of why the Department did not concur with the exceptions.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/22
This is the backup documentation required based on the determined risk level. More supporting documentation may be requested by programs at any time regardless of risk category. Please review your statement of work to determine if there are additional documentation requirements.
NOTE:
Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
If the subrecipient is using 10% de minimis they must complete DOH de minimis certification
2023-045 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6NH23IP922619-04-01; 5NH23IP922619-04-00; 6NH23IP922619-02-04; 6NH23IP922619-02-06; 6NH23IP922619-02-03; 6NH23IP922619-02-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-032
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. Emphasis is placed on populations at highest risk for under immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2023, the Department spent more than
$24.6 million in federal program funds, about $8.5 million of which it disbursed to subrecipients. The Department also received more than $97.6 million in non-cash assistance from the federal grantor in the form of vaccines.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower people with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward or amendment is executed, Department staff update a spreadsheet throughout the month with the subaward information required for reporting. Staff then send the spreadsheet to management for approval before submitting the report. The Department was required to report 36 subawards and amendments in fiscal year 2023, totaling $20,915,787.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate controls over and did not comply with requirements to ensure it filed reports required by the Act for the Immunization program. The prior finding number was 2022-32.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act for the Immunization program.
During the first three months of the audit period, management did not review the reports prior to submission. During this period, the Department executed 30 out of the 36 subawards and amendments (83 percent) totaling $17,474,404, which represented 84 percent of the total amount obligated in the fiscal year.
We used a non-statistical sampling method to randomly select and examine nine out of the total population of 36 subawards and amendments. We found:
• Five of the nine subawards and amendments (56 percent) were not reported timely.
• One of the nine subawards (11 percent) contained an incorrect Unique Entity ID (UEI), subawardee name and address.
We consider this internal control deficiency to be a material weakness that led to material noncompliance.
Cause of Condition
For the first three months of the audit period, when most of the subawards were executed, the Department did not have procedures in place to ensure management did an adequate review of the reports—and documented that it occurred—before submitting them in FSRS. Furthermore, Department officials acknowledged that for the first part of the year, staff did not use the signature date as the obligation date, which resulted in reports being submitted late. Department officials also said the amendments were submitted late because they did not have the UEIs for the subawardees, which are required to complete the submission.
Effect of Condition
Without performing an adequate review, management cannot ensure the Department submits accurate, complete and timely reports. Furthermore, failing to submit complete, accurate and timely reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Lastly, the terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendation
We recommend the Department ensure management reviews required reports to ensure they are accurate and complete before submission.
Department’s Response
We appreciate the State Auditor’s Office audit of the immunization grant. DOH is committed to ensuring our programs comply with federal regulations. As a result of the prior year’s recommendation the Department put procedures in place to address the identified exceptions. Unfortunately, the procedures were not in place for a portion of the fiscal year due to the timing of the audit and when issues were identified. Moving forward with current controls in place, this should eliminate these errors from occurring in the future.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
1. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-044 The Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 6NH231IP922619-04-01; 5 NH23IP922619-04-00;6 NH23IP922619-02-04;
6 NH23IP922619-02-06; 6 NH23IP922619-02-03; 6 NH23IP922619-02-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $416,027
Prior Year Audit Finding: Yes, Finding 2022-031
Background
The Department of Health administers the Immunization Cooperative Agreements program, which aims to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. Emphasis is placed on populations at highest risk for underimmunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2023, the Department spent more than $24.6 million in federal program funds, about $8.5 million of which it disbursed to subrecipients. The Department also received more than $97.6 million in non-cash assistance from the federal grantor in the form of vaccines.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. The periods for this program are July 1 through June 30 of the associated fiscal year. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials and supplies
• Meals
• Outreach materials
• Travel
• Training
• Contracts
• Sub-subrecipients
• Administrative/indirect costs
During the audit period, subrecipients submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The accounting unit emailed the requests to Department program staff requesting review to ensure the payment was allowable and within the period of performance. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable, met cost principles and were within the period of performance for the program. The prior finding number was 2022-031.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payment. As a result, the Department paid the subrecipients without knowing whether these expenditures had been reviewed and approved by program staff.
We used a statistical sampling method to randomly select and examine 56 out of 681 provider payments. Additionally, we judgmentally reviewed two individually significant payments that exceeded $476,000 each. In total, we examined more than $2.4 million in provider payments as part of the audit. Of the 58 payments examined, we identified seven payments (12.5 percent) and one individually significant payment that did not have the required supporting documentation for the subrecipients’ assigned risk level.
In addition, we judgmentally selected and examined six high-risk transactions out of a population of 1,293 expenditures charged to the federal fiscal year 2023 award that opened during the audit period. We found four expenditures that were improperly charged to the grant because the activity occurred before the period of performance.
We also judgmentally selected and examined two out of a population of 167 expenditures charged to the federal fiscal year 2022 award that closed during the audit period. We found one expenditure was improperly charged to the grant because the activity occurred after the period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying providers without ensuring program staff reviewed and determined the payment was allowable, within the period of performance, and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures.
Additionally, the Department did not ensure that expenditures that were cost allocated and directly charged during the opening and closing of awards were within the award’s period of performance.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes and within the period of performance. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The eight payments for which the Department did not have required supporting documentation from subrecipients totaled $404,592 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $588,502.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
For the federal fiscal year award 2023 that opened during the audit period, we identified questioned costs totaling $3,852.
For the federal fiscal year 2022 award that closed during our audit period, we identified questioned costs totaling $7,583.
In total, we identified $416,027 in known federal questioned costs and $599,937 in likely questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them
• Improve internal controls to ensure program staff review, approve, and communicate approval of expenditures to those issuing payment to verify they are for allowable activities and within the period of performance prior to payment
• Improve its internal controls to ensure expenditures charged at the beginning and end of an award are within the period of performance
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
We appreciate the State Auditor’s Office audit of the Immunizations grant. DOH is committed to ensuring our programs comply with federal regulations. The Department does not concur with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff now document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program Immunization staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction, document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
We do not concur with several of the exceptions and questioned costs identified. The Department believes there was a lack of understanding of DOH process related to allocation of space costs and how overtime is earned and accounted for according the Collective Bargaining Agreement. Additionally, while in some instances the level of support did not meet our internal policies, which are held to a higher standard than federal requirements, the level of documentation received from the subrecipient accounting system gave us assurance that the transactions/costs questioned met federal cost principles for allowability and period of performance. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments:
• The Immunization program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted.
• The Immunization program refer to the federal Immunization Program Operations Manual (IPOM) to determine allowable costs, purchase, and procurement procedures. •The Fiscal Monitoring Unit provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding.
• The Immunizations program provides technical assistance, policies, and training to Immunization subrecipients related to both allowability and compliance.
• The Immunizations program has continued to strengthen processes to ensure that the backup documentation received is in alignment with the agency’s documentation matrix for sub-recipients per their risk level.
Auditor’s Remarks
While management has implemented a new procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
The Department did not concur with some of the identified exceptions and stated it believed it was due to our Office’s lack of understanding of their processes. This assertion is not accurate. We understand their processes, but four of the exceptions were payments for services that occurred prior to the grant being open (expenses were for the month of June 2022, but the award opened July 1, 2022. These four exceptions included the “allocation of space costs and how overtime is earned and accounted for” referred to in the Department’s response. These exceptions were discussed in detail with the Department and during these discussions the Department mistakenly asserted that the time of payment was what determined compliance, not when the activity occurred. This is not correct and may be part of why the Department did not concur with the exceptions.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/22
This is the backup documentation required based on the determined risk level. More supporting documentation may be requested by programs at any time regardless of risk category. Please review your statement of work to determine if there are additional documentation requirements.
NOTE:
Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
If the subrecipient is using 10% de minimis they must complete DOH de minimis certification
2023-045 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6NH23IP922619-04-01; 5NH23IP922619-04-00; 6NH23IP922619-02-04; 6NH23IP922619-02-06; 6NH23IP922619-02-03; 6NH23IP922619-02-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-032
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. Emphasis is placed on populations at highest risk for under immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2023, the Department spent more than
$24.6 million in federal program funds, about $8.5 million of which it disbursed to subrecipients. The Department also received more than $97.6 million in non-cash assistance from the federal grantor in the form of vaccines.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower people with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward or amendment is executed, Department staff update a spreadsheet throughout the month with the subaward information required for reporting. Staff then send the spreadsheet to management for approval before submitting the report. The Department was required to report 36 subawards and amendments in fiscal year 2023, totaling $20,915,787.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate controls over and did not comply with requirements to ensure it filed reports required by the Act for the Immunization program. The prior finding number was 2022-32.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act for the Immunization program.
During the first three months of the audit period, management did not review the reports prior to submission. During this period, the Department executed 30 out of the 36 subawards and amendments (83 percent) totaling $17,474,404, which represented 84 percent of the total amount obligated in the fiscal year.
We used a non-statistical sampling method to randomly select and examine nine out of the total population of 36 subawards and amendments. We found:
• Five of the nine subawards and amendments (56 percent) were not reported timely.
• One of the nine subawards (11 percent) contained an incorrect Unique Entity ID (UEI), subawardee name and address.
We consider this internal control deficiency to be a material weakness that led to material noncompliance.
Cause of Condition
For the first three months of the audit period, when most of the subawards were executed, the Department did not have procedures in place to ensure management did an adequate review of the reports—and documented that it occurred—before submitting them in FSRS. Furthermore, Department officials acknowledged that for the first part of the year, staff did not use the signature date as the obligation date, which resulted in reports being submitted late. Department officials also said the amendments were submitted late because they did not have the UEIs for the subawardees, which are required to complete the submission.
Effect of Condition
Without performing an adequate review, management cannot ensure the Department submits accurate, complete and timely reports. Furthermore, failing to submit complete, accurate and timely reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Lastly, the terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendation
We recommend the Department ensure management reviews required reports to ensure they are accurate and complete before submission.
Department’s Response
We appreciate the State Auditor’s Office audit of the immunization grant. DOH is committed to ensuring our programs comply with federal regulations. As a result of the prior year’s recommendation the Department put procedures in place to address the identified exceptions. Unfortunately, the procedures were not in place for a portion of the fiscal year due to the timing of the audit and when issues were identified. Moving forward with current controls in place, this should eliminate these errors from occurring in the future.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
1. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-046 The Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-01-09; NU50CK000515-02-01; NU50CK000515-02-06; NU50CK000515-02-03; NU50CK000515-02-09; NU50CK000515-02-07; NU50CK000515-03-03; NU50CK000515-03-01; NU50CK000515-04-00; NU50CK000515-04-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs / Cost Principles
Period of Performance
Known Questioned Cost Amount: $1,735
Prior Year Audit Finding: Yes, Finding 2022-033
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports several specific infectious disease programs and projects, and provides special appropriations in response to infectious disease emergencies. The Department spent about $198.5 million in federal grant funds in fiscal year 2023, about $17 million of which was disbursed to subrecipients.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials, supplies, and other
• Travel (in-state and out-of-state)
• Contracts and sub-subrecipients
• Administrative/indirect costs
During the audit period, subrecipients submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The emails were sent to Department program staff requesting review to ensure the payment was allowable. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Beginning in February 2023, program staff documented their review and approval of the reimbursement request on a spreadsheet. The spreadsheet was only used at the program level, so it was not shared with the fiscal staff to communicate approval prior to issuing payment.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the ELC program only used funds for allowable activities and met cost principles. The prior finding number was 2022-033.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the ELC program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payment. As a result, the Department paid the subrecipients without knowing whether these expenditures had been reviewed and approved by the program staff.
We used a statistically valid sampling method to randomly select and examine 55 out of 441 subrecipient payments. Additionally, we judgmentally reviewed one individually significant payment that totaled $939,182. In total, we examined more than $8.8 million in subrecipient payments as part of the audit. Of the 55 randomly selected payments examined, we identified two payments (3.6 percent) that did not have the required supporting documentation for the subrecipients’ assigned risk level.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying subrecipients without ensuring program staff reviewed and determined the payment was allowable and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes and within the period of performance. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The two payments for which the Department did not have required supporting documentation from subrecipients totaled $1,735 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $46,169.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them
• Improve internal controls to ensure program staff review and approve expenditures to verify they are for allowable activities prior to payment
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department does not concur with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff now document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program ELC staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction (LHJ), document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
Auditor’s Remarks
While management has implemented a new procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/2022
This is the backup documentation required based on the determined risk level. Please ensure the detailed GL expenditure report clearly aligns with the A19 form. More supporting documentation may be requested by programs at any time due to programmatic requirements regardless of risk category.
NOTE:
Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
If the subrecipient is using 10% de minimis they must complete DOH de minimis certification
2023-047 The Department of Health did not have adequate internal controls over and did not comply with suspension and debarment requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-01-09; NU50CK000515-02-01; NU50CK000515-02-06; NU50CK000515-02-03; NU50CK000515-02-09; NU50CK000515-02-07; NU50CK000515-03-03; NU50CK000515-03-01; NU50CK000515-04-00; NU50CK000515-04-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent about $198.6 million in federal grant funds during fiscal year 2023.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. This verification may be accomplished by obtaining a written certification from the contractor or subrecipient, or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with suspension and debarment requirements for the ELC program.
During the state fiscal year, the ELC program had 15 newly executed contracts that required a suspension and debarment check. The Department did not perform a suspension and debarment check for nine contracts (60 percent) with educational service districts (ESDs). The remaining six contracts with various entities received a suspension and debarment check.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have proper management oversight to ensure the ESD contracts received the required suspension and debarment checks. Department officials said that to accelerate contracts during the COVID-19 pandemic, along with the misperception that ESDs are an extension of the Office of Superintendent of Public Instruction, these checks were not performed.
Effect of Condition
By not performing suspension and debarment checks, the Department cannot ensure all its contractors and subrecipients are allowed to receive federal funds. Without proper checks, the Department could be required to repay the grantor for any payments made to a contractor or subrecipient that is suspended or disbarred.
We verified the nine ESDs were not suspended or debarred, so we are not questioning costs.
Recommendation
We recommend the Department establish adequate internal controls to ensure it completes the required suspension and debarment checks before entering into contracts with contractors and subrecipients that will receive $25,000 or more in federal funds.
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations.
During the COVID pandemic DOH operated under a competitive procurement waiver in order to expedite funding to critical partners throughout the state. Efforts to accelerate contracts combined with the misperception that Educational Service Districts (ESDs) are an extension of the Office of Superintendent of Public Instruction (OSPI was named in the IAA as a collaborator for the Learn to Return Playbook), prompted the decision to use an Interagency Agreement and no suspension & debarment check was performed at the time. We have corrected this error moving forward with ESD contracts.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 213, Suspension and debarment, states:
Non-federal entities are subject to the non-procurement debarment and suspension regulations implementing Executive Orders 12549 and 12689, 2 CFR parts 180 and 376. These regulations restrict awards, subawards and contracts with certain parties that are debarred, suspended or otherwise excluded from or ineligible for participation in Federal assistance programs or activities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-048 The Department of Health did not have adequate internal controls over and did not comply with reporting requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-02-07
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-034
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent about $198.5 million in federal grant funds during fiscal year 2023.
During the audit period, the Department was required to submit various reports to the Centers for Disease Control and Prevention (CDC) for three ELC projects: Enhancing Detection, Enhancing Detection Expansion, and Reopening Schools.
Fiscal Reporting
For all three projects, the Department submits monthly fiscal reports in REDCap, a web-based system used by the CDC to collect data. This report summarizes the total monthly expenses, including salaries, fringe benefits, equipment, travel, supplies and contractual payments.
Testing Reporting
The Reopening Schools project uses this report to collect data on the use of PCR, antigen, and over-the-counter COVID-19 tests at schools. The Department works with a contractor that compiles testing data and reports the information back to the Department, which then submits the data using the CDC’s report template in REDCap.
Case Investigation and Contact Tracing (CICT) Reporting
For the Enhancing Detection and Enhancing Detection Expansion projects, the Department is required to submit monthly reports covering various attributes related to the number of COVID-19 cases reported and investigated. When a COVID-19 case is identified in the Washington Disease Reporting System, it is entered into the Case Risk and Exposure Surveillance Tool (CREST). Epidemiologists at the Department follow contact tracing protocols and enter the results of their investigations into CREST. The data is then reported in REDCap.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the ELC program. The prior finding number was 2022-034.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for the ELC program.
During the audit period, the Department’s ELC program staff said that all reports were reviewed and approved by appropriate staff before submission to the federal government. However, program staff for the fiscal reports and CICT reports did not document their review or approval until January 2023, so we were unable to determine if the proper reviews occurred for the entirety of the audit period. Furthermore, the Department did not have a documented review during the audit period for the Reopening Schools testing reports.
Testing Reporting
We used a non-statistical sampling method to select and examine four out of four quarterly Reopening Schools testing reports. We found the total amounts provided by the contractor matched the amounts the Department reported in REDCap for all four quarterly reports. However, the Department did not receive or review the contractor’s detailed data that supports the total amounts to ensure it was complete and accurate before submitting the reports in REDCap.
CICT Reporting
We used a non-statistical sampling method to randomly select and review five out of 12 monthly CICT reports. We identified one month (20 percent) where the data reported in CREST did not match what was reported in REDCap. Three of the six data fields we tested had variances between CREST and REDCap reports, which ranged from 2.7 percent underreported to 3.79 percent overreported.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Testing Reporting
The Department did not require management to document their reviews of reports and supporting documentation before submitting them to the grantor. Therefore, management did not ensure the total amounts provided by the contractor had adequate support to ensure the reports were accurate and complete.
CICT Reporting
Prior to January 2023, the Department did not require management to document their reviews of reports before or after submission. If management reviewed the CICT reports, the reviews were inadequate for detecting the errors our audit identified.
Effect of Condition
Testing Reporting
By not reviewing and reconciling the contractor’s summary data and supporting documentation, management was unable to demonstrate the amounts reported were complete and accurate.
CICT Reporting
By not ensuring management completes the proper reviews, the Department cannot reasonably ensure the reports are complete and accurate.
Recommendation
We recommend the Department establish and follow effective internal controls, including documented reviews, to ensure reports are accurate and complete before submitting them to the federal grantor.
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. As a result of the prior year’s recommendation the Department put procedures in place to address the identified exceptions. Unfortunately, the procedures were not in place for a portion of the fiscal year due to the timing of the audit and when issues were identified. Moving forward with current controls in place, this should eliminate these errors from occurring in the future. In addition, we will work to discuss recommendations with the grants management and contracts teams at the department level to identify best practices to improve internal controls regarding document review and report accuracy to attempt to standardized process and procedures.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-049 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Epidemiology and Laboratory Capacity for Infectious Diseases program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: NU50CK000515-05-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-01-09; NU50CK000515-02-01; NU50CK000515-02-06; NU50CK000515-02-03; NU50CK000515-02-09; NU50CK000515-02-07; NU50CK000515-03-03; NU50CK000515-03-01; NU50CK000515-04-00; NU50CK000515-04-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent about $198.5 million in federal grant funds during fiscal year 2023, about $17 million of which was disbursed to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Department uses an Excel workbook to track subrecipients’ single audits.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure its subrecipients of the ELC program received required single audits, and that it appropriately followed up on findings and issued management decisions.
To monitor compliance with these requirements, the Department used an Excel spreadsheet to track subrecipients’ single audits and the agency’s follow-up actions, if necessary. However, during the audit period, the Department did not adequately perform this process.
Five subrecipients received an ELC finding, but the spreadsheet did not document them or note the Department’s follow-up actions on the subrecipients’ corrective action plans. In addition, the Department did not issue a management decision letter for any of these five findings, so the tracking spreadsheet also did not document any management decisions.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said that due to high turnover throughout the fiscal year, staff were behind on monitoring the single audits. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, and that subrecipients with audit findings receive required management decisions timely.
Recommendations
We recommend the Department strengthen internal controls to ensure:
• All subrecipients receive a single audit, if required
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department agrees with the finding.
The Department will review internal controls over ensuring timely review of federal subrecipient single audits and issuance of management decision letters, including monitoring controls by management to ensure future compliance with the requirement.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, states, in part:
All pass-through entities must:
d. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
1. Reviewing financial and performance reports required by the pass-through entity.
2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
3. Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by section 75.521.
f. Verify that every subrecipient is audited as required by subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in section 75.501.
h. Consider taking enforcement action against noncompliant subrecipients as described in section 75.371and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-050 The Department of Health did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-01-09; NU50CK000515-02-01; NU50CK000515-02-06; NU50CK000515-02-03; NU50CK000515-02-09; NU50CK000515-02-07; NU50CK000515-03-03; NU50CK000515-03-01; NU50CK000515-04-00; NU50CK000515-04-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-033
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent about $198.5 million in federal grant funds during fiscal year 2023, about $17 million of which was disbursed to subrecipients. In response to the COVID pandemic, ELC subrecipients have received a significant increase in funding over the last few years.
Federal regulations require the Department to monitor the activities of subrecipients to ensure they use subawards for authorized purposes and in compliance with federal statutes, regulations, and the terms and conditions of the subaward. This monitoring must include reviewing financial reports and taking timely and appropriate action on all deficiencies pertaining to the federal award.
The Department assigns each subrecipient a compliance risk level based on standardized criteria. The Department’s Fiscal Monitoring Unit (FMU) conducts on-site fiscal reviews of each subrecipient every two years. This review includes all federal awards the subrecipient received from the Department for the period under review. Reviewers complete a standardized template to document their work. Using the subrecipient’s reimbursement requests, reviewers judgmentally determine how many samples of payroll expenditures and contractor payments to review to ensure there is adequate source documentation. Reviewers also look at general accounting information, budget information, equipment purchases and other items.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the ELC program only used funds for allowable activities and met cost principles. The prior finding number was 2022-033.
Description of Condition
The Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the ELC program.
The Department does not have written procedures to guide reviewers on the number of reimbursement samples to review based on the subrecipient’s risk level.
We used a nonstatistical sampling method to randomly select and examine five out of a total of 10 subrecipients that received a fiscal review during the audit period. For each subrecipients, we noted that the fiscal monitoring only covered between 0.19 percent and 3.37 percent of total grant awards. Additionally, the Department only sampled between one and nine transactions specific to the ELC program during the reviews. Furthermore, for each subrecipient, the Department only sampled from either payroll or contractor transactions, never both. These samples covered between 0.02 percent to 1.82 percent of the total ELC grant award for the subrecipients. The table below identifies the samples reviewed for each subrecipient.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management has not established guidance for how many transactions fiscal reviewers need to review from source documentation to have assurance subrecipients spent program funds spent accordance with grant requirements. Furthermore, management believed the level of review was adequate to ensure a sufficient level of monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department does not have reasonable assurance that the subrecipient has complied with the terms and conditions of the subaward.
Further, allowing staff to select samples without adequate guidance from management does not provide the Department with reasonable assurance that subrecipients spent program funds in accordance with grant requirements and federal regulations.
Recommendation
We recommend the Department strengthen internal controls to ensure it performs fiscal monitoring to a level that provides reasonable assurance that subrecipients’ use of federal funds complies with federal laws and regulations and the subaward’s terms and conditions.
Department’s Response
We do not concur with the finding.
We understand that the State Auditor’s Office (SAO) reviewed a specific grant as part of the scope of this audit. The Department of Health (DOH) finds it misleading that SAO did not report on the subrecipient review process in its entirety. The DOH Fiscal Monitoring Unit (FMU) is not an audit department, therefore the standards DOH FMU functions on are very different than what SAO is recommending in the finding. FMU is audited annually by different federal partners, and those partners have identified no concerns with the monitoring visit methodology used as it is in line with compliance requirement 2 CFR 200.332. Federal guidance does not state DOH must select a certain percentage of samples to ensure adequate review.
The DOH subrecipient monitoring process is a comprehensive process that starts with an initial risk assessment which is completed prior to contract execution. This assessment determines the level of support each subrecipient is required to submit as back up documentation for payment requests. Programs then have contract managers review this support prior to payment. In addition, monitoring visits are performed on subrecipients. As part of that process, the FMU reviews at least three months of invoices submitted by subrecipients and includes reviews of entity policies, procedures, internal controls both manual and automated, applicable contracts, history of compliance and applicable cost allocation methodology to ensure each entity is compliant with federal requirements and has adequate internal controls.
As part of the review, each FMU staff member will judgmentally select items to review from the selected invoices. FMU staff make this selection using their subject matter expertise about DOH, specific programs and federal guidance to identify transactions for review. This review includes looking at supporting documentation such as timesheets and receipts. FMU reviews the entity, not a specific grant when performing a site visit. The reviewer must document the grants the entity receives and then selects a few transactions from each award type, if applicable. Each entity has a consistent control structure across all funding types so there is no value in reviewing a significant number of transactions from each award type as the controls do not vary. As you can see from the table provided, of the invoices reviewed, DOH typically reviews a quarter of the amount invoiced for. If a grant award is not represented in the invoices selected, FMU will select an additional invoice to ensure all awards are included. This happened in the case of sample three. In the case of sample one, no vendor payments were reviewed because the entity only invoiced for payroll for the selected months. Executive leadership supports the approach used by FMU and is not considering program changes related to the recommendation at this time.
Auditor’s Remarks
While federal regulations do not require a specific percentage of program expenditures be reviewed when entities monitor subrecipients, in our judgment, the amount reviewed by the Department for the ELC program did not provide management with reasonable assurance that subawards were used for authorized purposes, were spent in compliance with federal requirements and the terms and conditions of the awards. The Department cannot rely on reviews performed for other federal awards as an effective means to ensure compliance for the ELC program.
The Department asserts that FMU staff selects invoices for all grant awards issued to the subrecipient. Then, FMU staff judgmentally pick samples from the three selected invoices, significantly limiting the number of expenditures reviewed, as evidence in our testing.
Furthermore, the Department does not have written procedures guiding FMU staff on the level of fiscal review for federal grant expenditures. It also acknowledges that the risk assessment level drives the level of backup documentation required for payment requests. The risk assessment does not influence the level of fiscal review.
The Department provided a table of the number of expenditures it asserts it reviewed at each subrecipient we tested but acknowledges that these expenditures are from all programs and not specific to ELC. The amount of review done for other federal programs or state funded programs is not relevant when determining whether the subrecipient complied with the terms of the ELC subaward.
We reaffirm our finding, and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-046 The Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-01-09; NU50CK000515-02-01; NU50CK000515-02-06; NU50CK000515-02-03; NU50CK000515-02-09; NU50CK000515-02-07; NU50CK000515-03-03; NU50CK000515-03-01; NU50CK000515-04-00; NU50CK000515-04-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs / Cost Principles
Period of Performance
Known Questioned Cost Amount: $1,735
Prior Year Audit Finding: Yes, Finding 2022-033
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports several specific infectious disease programs and projects, and provides special appropriations in response to infectious disease emergencies. The Department spent about $198.5 million in federal grant funds in fiscal year 2023, about $17 million of which was disbursed to subrecipients.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials, supplies, and other
• Travel (in-state and out-of-state)
• Contracts and sub-subrecipients
• Administrative/indirect costs
During the audit period, subrecipients submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The emails were sent to Department program staff requesting review to ensure the payment was allowable. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Beginning in February 2023, program staff documented their review and approval of the reimbursement request on a spreadsheet. The spreadsheet was only used at the program level, so it was not shared with the fiscal staff to communicate approval prior to issuing payment.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the ELC program only used funds for allowable activities and met cost principles. The prior finding number was 2022-033.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the ELC program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payment. As a result, the Department paid the subrecipients without knowing whether these expenditures had been reviewed and approved by the program staff.
We used a statistically valid sampling method to randomly select and examine 55 out of 441 subrecipient payments. Additionally, we judgmentally reviewed one individually significant payment that totaled $939,182. In total, we examined more than $8.8 million in subrecipient payments as part of the audit. Of the 55 randomly selected payments examined, we identified two payments (3.6 percent) that did not have the required supporting documentation for the subrecipients’ assigned risk level.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying subrecipients without ensuring program staff reviewed and determined the payment was allowable and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes and within the period of performance. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The two payments for which the Department did not have required supporting documentation from subrecipients totaled $1,735 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $46,169.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them
• Improve internal controls to ensure program staff review and approve expenditures to verify they are for allowable activities prior to payment
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department does not concur with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff now document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program ELC staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction (LHJ), document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
Auditor’s Remarks
While management has implemented a new procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/2022
This is the backup documentation required based on the determined risk level. Please ensure the detailed GL expenditure report clearly aligns with the A19 form. More supporting documentation may be requested by programs at any time due to programmatic requirements regardless of risk category.
NOTE:
Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
If the subrecipient is using 10% de minimis they must complete DOH de minimis certification
2023-047 The Department of Health did not have adequate internal controls over and did not comply with suspension and debarment requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-01-09; NU50CK000515-02-01; NU50CK000515-02-06; NU50CK000515-02-03; NU50CK000515-02-09; NU50CK000515-02-07; NU50CK000515-03-03; NU50CK000515-03-01; NU50CK000515-04-00; NU50CK000515-04-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent about $198.6 million in federal grant funds during fiscal year 2023.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. This verification may be accomplished by obtaining a written certification from the contractor or subrecipient, or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with suspension and debarment requirements for the ELC program.
During the state fiscal year, the ELC program had 15 newly executed contracts that required a suspension and debarment check. The Department did not perform a suspension and debarment check for nine contracts (60 percent) with educational service districts (ESDs). The remaining six contracts with various entities received a suspension and debarment check.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have proper management oversight to ensure the ESD contracts received the required suspension and debarment checks. Department officials said that to accelerate contracts during the COVID-19 pandemic, along with the misperception that ESDs are an extension of the Office of Superintendent of Public Instruction, these checks were not performed.
Effect of Condition
By not performing suspension and debarment checks, the Department cannot ensure all its contractors and subrecipients are allowed to receive federal funds. Without proper checks, the Department could be required to repay the grantor for any payments made to a contractor or subrecipient that is suspended or disbarred.
We verified the nine ESDs were not suspended or debarred, so we are not questioning costs.
Recommendation
We recommend the Department establish adequate internal controls to ensure it completes the required suspension and debarment checks before entering into contracts with contractors and subrecipients that will receive $25,000 or more in federal funds.
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations.
During the COVID pandemic DOH operated under a competitive procurement waiver in order to expedite funding to critical partners throughout the state. Efforts to accelerate contracts combined with the misperception that Educational Service Districts (ESDs) are an extension of the Office of Superintendent of Public Instruction (OSPI was named in the IAA as a collaborator for the Learn to Return Playbook), prompted the decision to use an Interagency Agreement and no suspension & debarment check was performed at the time. We have corrected this error moving forward with ESD contracts.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 213, Suspension and debarment, states:
Non-federal entities are subject to the non-procurement debarment and suspension regulations implementing Executive Orders 12549 and 12689, 2 CFR parts 180 and 376. These regulations restrict awards, subawards and contracts with certain parties that are debarred, suspended or otherwise excluded from or ineligible for participation in Federal assistance programs or activities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-048 The Department of Health did not have adequate internal controls over and did not comply with reporting requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-02-07
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-034
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent about $198.5 million in federal grant funds during fiscal year 2023.
During the audit period, the Department was required to submit various reports to the Centers for Disease Control and Prevention (CDC) for three ELC projects: Enhancing Detection, Enhancing Detection Expansion, and Reopening Schools.
Fiscal Reporting
For all three projects, the Department submits monthly fiscal reports in REDCap, a web-based system used by the CDC to collect data. This report summarizes the total monthly expenses, including salaries, fringe benefits, equipment, travel, supplies and contractual payments.
Testing Reporting
The Reopening Schools project uses this report to collect data on the use of PCR, antigen, and over-the-counter COVID-19 tests at schools. The Department works with a contractor that compiles testing data and reports the information back to the Department, which then submits the data using the CDC’s report template in REDCap.
Case Investigation and Contact Tracing (CICT) Reporting
For the Enhancing Detection and Enhancing Detection Expansion projects, the Department is required to submit monthly reports covering various attributes related to the number of COVID-19 cases reported and investigated. When a COVID-19 case is identified in the Washington Disease Reporting System, it is entered into the Case Risk and Exposure Surveillance Tool (CREST). Epidemiologists at the Department follow contact tracing protocols and enter the results of their investigations into CREST. The data is then reported in REDCap.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the ELC program. The prior finding number was 2022-034.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for the ELC program.
During the audit period, the Department’s ELC program staff said that all reports were reviewed and approved by appropriate staff before submission to the federal government. However, program staff for the fiscal reports and CICT reports did not document their review or approval until January 2023, so we were unable to determine if the proper reviews occurred for the entirety of the audit period. Furthermore, the Department did not have a documented review during the audit period for the Reopening Schools testing reports.
Testing Reporting
We used a non-statistical sampling method to select and examine four out of four quarterly Reopening Schools testing reports. We found the total amounts provided by the contractor matched the amounts the Department reported in REDCap for all four quarterly reports. However, the Department did not receive or review the contractor’s detailed data that supports the total amounts to ensure it was complete and accurate before submitting the reports in REDCap.
CICT Reporting
We used a non-statistical sampling method to randomly select and review five out of 12 monthly CICT reports. We identified one month (20 percent) where the data reported in CREST did not match what was reported in REDCap. Three of the six data fields we tested had variances between CREST and REDCap reports, which ranged from 2.7 percent underreported to 3.79 percent overreported.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Testing Reporting
The Department did not require management to document their reviews of reports and supporting documentation before submitting them to the grantor. Therefore, management did not ensure the total amounts provided by the contractor had adequate support to ensure the reports were accurate and complete.
CICT Reporting
Prior to January 2023, the Department did not require management to document their reviews of reports before or after submission. If management reviewed the CICT reports, the reviews were inadequate for detecting the errors our audit identified.
Effect of Condition
Testing Reporting
By not reviewing and reconciling the contractor’s summary data and supporting documentation, management was unable to demonstrate the amounts reported were complete and accurate.
CICT Reporting
By not ensuring management completes the proper reviews, the Department cannot reasonably ensure the reports are complete and accurate.
Recommendation
We recommend the Department establish and follow effective internal controls, including documented reviews, to ensure reports are accurate and complete before submitting them to the federal grantor.
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. As a result of the prior year’s recommendation the Department put procedures in place to address the identified exceptions. Unfortunately, the procedures were not in place for a portion of the fiscal year due to the timing of the audit and when issues were identified. Moving forward with current controls in place, this should eliminate these errors from occurring in the future. In addition, we will work to discuss recommendations with the grants management and contracts teams at the department level to identify best practices to improve internal controls regarding document review and report accuracy to attempt to standardized process and procedures.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-049 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Epidemiology and Laboratory Capacity for Infectious Diseases program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: NU50CK000515-05-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-01-09; NU50CK000515-02-01; NU50CK000515-02-06; NU50CK000515-02-03; NU50CK000515-02-09; NU50CK000515-02-07; NU50CK000515-03-03; NU50CK000515-03-01; NU50CK000515-04-00; NU50CK000515-04-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent about $198.5 million in federal grant funds during fiscal year 2023, about $17 million of which was disbursed to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Department uses an Excel workbook to track subrecipients’ single audits.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure its subrecipients of the ELC program received required single audits, and that it appropriately followed up on findings and issued management decisions.
To monitor compliance with these requirements, the Department used an Excel spreadsheet to track subrecipients’ single audits and the agency’s follow-up actions, if necessary. However, during the audit period, the Department did not adequately perform this process.
Five subrecipients received an ELC finding, but the spreadsheet did not document them or note the Department’s follow-up actions on the subrecipients’ corrective action plans. In addition, the Department did not issue a management decision letter for any of these five findings, so the tracking spreadsheet also did not document any management decisions.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said that due to high turnover throughout the fiscal year, staff were behind on monitoring the single audits. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, and that subrecipients with audit findings receive required management decisions timely.
Recommendations
We recommend the Department strengthen internal controls to ensure:
• All subrecipients receive a single audit, if required
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department agrees with the finding.
The Department will review internal controls over ensuring timely review of federal subrecipient single audits and issuance of management decision letters, including monitoring controls by management to ensure future compliance with the requirement.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, states, in part:
All pass-through entities must:
d. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
1. Reviewing financial and performance reports required by the pass-through entity.
2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
3. Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by section 75.521.
f. Verify that every subrecipient is audited as required by subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in section 75.501.
h. Consider taking enforcement action against noncompliant subrecipients as described in section 75.371and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-050 The Department of Health did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-01-09; NU50CK000515-02-01; NU50CK000515-02-06; NU50CK000515-02-03; NU50CK000515-02-09; NU50CK000515-02-07; NU50CK000515-03-03; NU50CK000515-03-01; NU50CK000515-04-00; NU50CK000515-04-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-033
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent about $198.5 million in federal grant funds during fiscal year 2023, about $17 million of which was disbursed to subrecipients. In response to the COVID pandemic, ELC subrecipients have received a significant increase in funding over the last few years.
Federal regulations require the Department to monitor the activities of subrecipients to ensure they use subawards for authorized purposes and in compliance with federal statutes, regulations, and the terms and conditions of the subaward. This monitoring must include reviewing financial reports and taking timely and appropriate action on all deficiencies pertaining to the federal award.
The Department assigns each subrecipient a compliance risk level based on standardized criteria. The Department’s Fiscal Monitoring Unit (FMU) conducts on-site fiscal reviews of each subrecipient every two years. This review includes all federal awards the subrecipient received from the Department for the period under review. Reviewers complete a standardized template to document their work. Using the subrecipient’s reimbursement requests, reviewers judgmentally determine how many samples of payroll expenditures and contractor payments to review to ensure there is adequate source documentation. Reviewers also look at general accounting information, budget information, equipment purchases and other items.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the ELC program only used funds for allowable activities and met cost principles. The prior finding number was 2022-033.
Description of Condition
The Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the ELC program.
The Department does not have written procedures to guide reviewers on the number of reimbursement samples to review based on the subrecipient’s risk level.
We used a nonstatistical sampling method to randomly select and examine five out of a total of 10 subrecipients that received a fiscal review during the audit period. For each subrecipients, we noted that the fiscal monitoring only covered between 0.19 percent and 3.37 percent of total grant awards. Additionally, the Department only sampled between one and nine transactions specific to the ELC program during the reviews. Furthermore, for each subrecipient, the Department only sampled from either payroll or contractor transactions, never both. These samples covered between 0.02 percent to 1.82 percent of the total ELC grant award for the subrecipients. The table below identifies the samples reviewed for each subrecipient.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management has not established guidance for how many transactions fiscal reviewers need to review from source documentation to have assurance subrecipients spent program funds spent accordance with grant requirements. Furthermore, management believed the level of review was adequate to ensure a sufficient level of monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department does not have reasonable assurance that the subrecipient has complied with the terms and conditions of the subaward.
Further, allowing staff to select samples without adequate guidance from management does not provide the Department with reasonable assurance that subrecipients spent program funds in accordance with grant requirements and federal regulations.
Recommendation
We recommend the Department strengthen internal controls to ensure it performs fiscal monitoring to a level that provides reasonable assurance that subrecipients’ use of federal funds complies with federal laws and regulations and the subaward’s terms and conditions.
Department’s Response
We do not concur with the finding.
We understand that the State Auditor’s Office (SAO) reviewed a specific grant as part of the scope of this audit. The Department of Health (DOH) finds it misleading that SAO did not report on the subrecipient review process in its entirety. The DOH Fiscal Monitoring Unit (FMU) is not an audit department, therefore the standards DOH FMU functions on are very different than what SAO is recommending in the finding. FMU is audited annually by different federal partners, and those partners have identified no concerns with the monitoring visit methodology used as it is in line with compliance requirement 2 CFR 200.332. Federal guidance does not state DOH must select a certain percentage of samples to ensure adequate review.
The DOH subrecipient monitoring process is a comprehensive process that starts with an initial risk assessment which is completed prior to contract execution. This assessment determines the level of support each subrecipient is required to submit as back up documentation for payment requests. Programs then have contract managers review this support prior to payment. In addition, monitoring visits are performed on subrecipients. As part of that process, the FMU reviews at least three months of invoices submitted by subrecipients and includes reviews of entity policies, procedures, internal controls both manual and automated, applicable contracts, history of compliance and applicable cost allocation methodology to ensure each entity is compliant with federal requirements and has adequate internal controls.
As part of the review, each FMU staff member will judgmentally select items to review from the selected invoices. FMU staff make this selection using their subject matter expertise about DOH, specific programs and federal guidance to identify transactions for review. This review includes looking at supporting documentation such as timesheets and receipts. FMU reviews the entity, not a specific grant when performing a site visit. The reviewer must document the grants the entity receives and then selects a few transactions from each award type, if applicable. Each entity has a consistent control structure across all funding types so there is no value in reviewing a significant number of transactions from each award type as the controls do not vary. As you can see from the table provided, of the invoices reviewed, DOH typically reviews a quarter of the amount invoiced for. If a grant award is not represented in the invoices selected, FMU will select an additional invoice to ensure all awards are included. This happened in the case of sample three. In the case of sample one, no vendor payments were reviewed because the entity only invoiced for payroll for the selected months. Executive leadership supports the approach used by FMU and is not considering program changes related to the recommendation at this time.
Auditor’s Remarks
While federal regulations do not require a specific percentage of program expenditures be reviewed when entities monitor subrecipients, in our judgment, the amount reviewed by the Department for the ELC program did not provide management with reasonable assurance that subawards were used for authorized purposes, were spent in compliance with federal requirements and the terms and conditions of the awards. The Department cannot rely on reviews performed for other federal awards as an effective means to ensure compliance for the ELC program.
The Department asserts that FMU staff selects invoices for all grant awards issued to the subrecipient. Then, FMU staff judgmentally pick samples from the three selected invoices, significantly limiting the number of expenditures reviewed, as evidence in our testing.
Furthermore, the Department does not have written procedures guiding FMU staff on the level of fiscal review for federal grant expenditures. It also acknowledges that the risk assessment level drives the level of backup documentation required for payment requests. The risk assessment does not influence the level of fiscal review.
The Department provided a table of the number of expenditures it asserts it reviewed at each subrecipient we tested but acknowledges that these expenditures are from all programs and not specific to ELC. The amount of review done for other federal programs or state funded programs is not relevant when determining whether the subrecipient complied with the terms of the ELC subaward.
We reaffirm our finding, and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-051 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with Temporary Assistance for Needy Families funds were allowable and property supported.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: $107,338,725
Prior Year Audit Finding: Yes, Finding 2022-035
Background
The Department of Social and Health Service (DSHS), Community Services Office, administers the Temporary Assistance for Needy Families (TANF) grant that provides temporary cash assistance for families in need. To receive TANF benefits, participants must be engaged in activities listed in the Individual Responsibility Plan through the WorkFirst program, unless the TANF benefits are received only on behalf of a child. TANF grant funds are also used to pay clients’ child care costs to meet one of the program’s primary purposes of helping clients obtain employment.
Washington has established the Working Connections Child Care (WCCC) program to help eligible working families pay for child care. Both the Department of Children, Youth, and Families (Department) and DSHS administer the program. The Department is responsible for establishing policies and procedures for licensing child care providers and paying them for allowable child care services. DSHS determines TANF client eligibility and reimburses the Department for child care payments under an agreement between the two agencies. In fiscal year 2023, DSHS paid $107,338,725 related to child care services.
The Department uses its Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple Child Care Development Fund (CCDF) federal grant awards, and state funding. The Department uploads the payment data into the state’s accounting system at a summary level based on the various funding sources.
DSHS worked with the Department to setup coding in the Payment Allocating Model system that looks at the client-level information and then assigns the correct TANF source of funds. Once the source of funds is identified, that information is then sent to SSPS for allocation assignment. The Department prepares electronic reports for funds allocated to TANF funding sources and sends DSHS a monthly bill. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
Some payments the Department makes for child care are funded by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the WCCC program. Federal regulations require grant fund expenditures to be adequately supported to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls that ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with TANF funds were allowable and properly supported. The prior finding numbers were 2022-035 and 2021-028.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with TANF funds were allowable and properly supported.
To identify TANF-funded payments the Department made to child care providers, we requested a population of payments charged to TANF sources from SSPS. However, in fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent TANF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions from SSPS that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. Officials from the U.S. Department of Health and Human Services informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition and Questioned Costs
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
Because the Department did not comply with federal requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $107,338,725 in federal program costs for child care payments that DSHS paid during the audit period.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Update service level agreements with DSHS to ensure payments are sufficient and properly supported
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the Working Connections Child Care (WCCC) program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the TANF grant. The Department allocated the TANF grant to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds for the CCDF or TANF grants. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF and TANF source of funds with the same eligibility requirements, the Department is confident TANF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-051 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with Temporary Assistance for Needy Families funds were allowable and property supported.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: $107,338,725
Prior Year Audit Finding: Yes, Finding 2022-035
Background
The Department of Social and Health Service (DSHS), Community Services Office, administers the Temporary Assistance for Needy Families (TANF) grant that provides temporary cash assistance for families in need. To receive TANF benefits, participants must be engaged in activities listed in the Individual Responsibility Plan through the WorkFirst program, unless the TANF benefits are received only on behalf of a child. TANF grant funds are also used to pay clients’ child care costs to meet one of the program’s primary purposes of helping clients obtain employment.
Washington has established the Working Connections Child Care (WCCC) program to help eligible working families pay for child care. Both the Department of Children, Youth, and Families (Department) and DSHS administer the program. The Department is responsible for establishing policies and procedures for licensing child care providers and paying them for allowable child care services. DSHS determines TANF client eligibility and reimburses the Department for child care payments under an agreement between the two agencies. In fiscal year 2023, DSHS paid $107,338,725 related to child care services.
The Department uses its Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple Child Care Development Fund (CCDF) federal grant awards, and state funding. The Department uploads the payment data into the state’s accounting system at a summary level based on the various funding sources.
DSHS worked with the Department to setup coding in the Payment Allocating Model system that looks at the client-level information and then assigns the correct TANF source of funds. Once the source of funds is identified, that information is then sent to SSPS for allocation assignment. The Department prepares electronic reports for funds allocated to TANF funding sources and sends DSHS a monthly bill. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
Some payments the Department makes for child care are funded by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the WCCC program. Federal regulations require grant fund expenditures to be adequately supported to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls that ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with TANF funds were allowable and properly supported. The prior finding numbers were 2022-035 and 2021-028.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with TANF funds were allowable and properly supported.
To identify TANF-funded payments the Department made to child care providers, we requested a population of payments charged to TANF sources from SSPS. However, in fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent TANF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions from SSPS that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. Officials from the U.S. Department of Health and Human Services informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition and Questioned Costs
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
Because the Department did not comply with federal requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $107,338,725 in federal program costs for child care payments that DSHS paid during the audit period.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Update service level agreements with DSHS to ensure payments are sufficient and properly supported
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the Working Connections Child Care (WCCC) program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the TANF grant. The Department allocated the TANF grant to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds for the CCDF or TANF grants. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF and TANF source of funds with the same eligibility requirements, the Department is confident TANF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-052 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Refugee and Entrant Assistance program.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WARSSS, 2301WARSSS-00, 2301WARSSS-01, 2301WARSSS-02, 2301WARSSS-03, 2301WARSSS-04, 2301WARSSS-05, 2301WARCMA-00, 2301WARCMA-01, 2301WARCMA-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2023, the Department spent about $49.9 million in federal program funding. Of that amount, the Department passed through more than $18.2 million to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as result, reduce wasteful government spending.
In fiscal year 2023, the Department issued 29 subawards and 18 subaward amendments totaling $39.8 million to subrecipients that it was required to report in FSRS.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
The Department did not have written procedures on the reporting process and did not report any subawards in FSRS during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had no procedures in place to determine which subawards and amendments were required to be reported in FSRS. Additionally, management did not ensure that reports were submitted, as required.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance, including suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the Department:
• Establish effective internal controls and written procedures to ensure it reports all first-tier subawards of $30,000 or more, as required
• Verify all subawards and subaward amendments are reported in FSRS, as required
Department’s Response
The Department concurs with the auditor’s findings.
The Refugee and Entrant Assistance program will immediately report all first-tier subawards, including amendments, totaling $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS).
To ensure ongoing compliance with the Federal Funding Accountability and Transparency Act Reporting requirements, the Refugee and Entrant Assistance program will establish effective internal controls and written procedures to ensure:
• The program reports all first-tier initial subawards of $30,000 or more.
• If the initial award is below $30,000, the program tracks subsequent grant modifications and reports as soon as the modifications result in a total award equal to or over $30,000.
• Reports for submission will contain the required data elements.
In addition, the program will work with the Division of Finance and Financial Resources to develop and subsequently implement a process to verify all subawards and subaward amendments were reported in the Federal Funding Accountability and Transparency Act Subaward Reporting System.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii .For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-053 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WARSSS; 2301WARSSS-00;
2301WARSSS-01; 2301WARSSS-02;
2301WARSSS-03; 2301WARSSS-04;
2301WARSSS-05; 2301WARCMA-00;
2301WARCMA-01; 2301WARCMA-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2023, the Department spent about $49.9 million in federal program funding. Of that amount, the Department passed through more than $26 million to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit or program-specific audit. Furthermore, federal regulations require subrecipients to submit their audits in the Federal Audit Clearinghouse and to the pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes on to its subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions.
We found the Department did not have adequate internal controls in place to verify whether:
• Subrecipients met the audit threshold for federal assistance expended for their fiscal year
• Subrecipients received required audits, if necessary, and appropriate actions were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who received a single audit or program-specific audit
We found the Department did not monitor each of its 41 subrecipients to ensure they received a single audit, if required. Six of the subrecipients received single audits during the audit period. One of those six subrecipients’ audits included Refugee and Entrant Assistance as a major program.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department used accounting system reports to determine how much it reimbursed subrecipients with Refugee and Entrant Assistance funds. However, management did not monitor subrecipients to ensure they received single audits, as required. Additionally, management did not assign any specific employees the responsibility for reviewing subrecipient audit reports and findings.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the Department cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions, and management monitors them for effectiveness where required, the Department cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the Department:
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department concurs with the auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) will follow-up with the remaining 35 subrecipients to verify that they completed a single/program audit if they received $750,000 or more in federal assistance. For any subrecipients that have not been audited as required, ORIA will inform the subrecipient of the requirement and monitor for completion. ORIA will work with ESA accounting staff to review all completed audit reports and for any findings found, issue a management decision outlining their determination of the effectiveness of the subrecipients’ proposed corrective actions to address the findings. ESA Accounting will monitor the subrecipent’s corrective actions through completion.
To ensure ongoing compliance with subrecipient monitoring requirements, ORIA will work with ESA Accounting to establish and implement effective internal controls and written procedures to:
• Identify subrecipients who receive $750,000 or more annually in federal assistance from all sources.
• Verify if subrecipients completed required audits, if necessary, and take appropriate action if audits are not completed.
• Review single and program-specific audit reports for findings.
• Write and issue a management decision, when appropriate, within six months outlining the Department’s determination of the adequacy of the subrecipient’s proposed corrective actions to address the finding.
• Monitor the subrecipient’s corrective action plan for timely and effective completion.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-054 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WARSSS; 2301WARSSS-00;
2301WARSSS-01; 2301WARSSS-02;
2301WARSSS-03; 2301WARSSS-04;
2301WARSSS-05; 2301WARCMA-00;
2301WARCMA-01; 2301WARCMA-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2023, the Department spent about $49.9 million in federal program funding. Of that amount, the Department passed through more than $26 million to subrecipients.
Federal regulations require the Department to monitor the activities of subrecipients to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. This includes reviewing financial and performance reports required by the pass-through entity.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs.
The Department’s administrative policy 19.50.30 - Subrecipient Monitoring requires Department staff to conduct programmatic and fiscal monitoring of subrecipients. We found the Department did not monitor 33 out of 41 subrecipients to ensure compliance with Federal statutes, regulations, or that subaward performance goals are achieved.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had established administrative policies and procedures to monitor subrecipients for programmatic and fiscal compliance; however, ORIA program management did not accurately identify all program subrecipients to develop a comprehensive monitoring plan. In response to a prior audit finding ORIA program management implemented procedures for determining program subrecipients, however this change did not take effect until the end of the audit period.
The Department’s program management did not ensure subrecipients were correctly identified and did not review each subrecipient to ensure they were monitored for compliance, as required.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department cannot reasonably ensure that the subrecipient has complied with the terms and conditions of the subaward.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure all subrecipients are subject to fiscal and program monitoring, as required
• Establish effective internal controls to ensure subrecipients are accurately identified by Department program staff
• Establish internal controls to ensure Department staff review financial and performance-based reports for every subrecipient
• Monitor each subrecipient to obtain reasonable assurance that each subrecipients’ use of federal funds complies with federal laws and regulations, and the subaward terms and conditions
• Communicate to subrecipients any deficiencies noted during its review and ensure appropriate corrective action is taken to address the deficiencies
Department’s Response
The Department concurs with the auditor’s findings.
In response to audit finding 2021-015 covering a different grant administered by the Department’s Office of Refugee and Immigrant Assistance (ORIA), ORIA program staff created a Subrecipient vs. Contractor Determination tool. However, this determination tool was not established until April 2023 with implementation and training occurring April through June 2023.
For immediate compliance, ORIA will review all active contracts utilizing federal funding and ensure subrecipient status is correctly determined. ORIA has over 200 active contracts with more than 80 unique providers, most of which will require subrecipient monitoring. To address the significant workload that additional fiscal and programmatic monitoring will require, ORIA and ESA Accounting will explore the department’s ability to increase staff resources.
For ongoing compliance, ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Department of Social and Health Services, Administrative Policy 19.50.30, Subrecipient Monitoring, states in part:
Policy
E. Fiscal and programmatic monitoring must be completed. (See Attachment C – Sample DSHS Subrecipient Fiscal Monitoring Site Visit Tool)
Based on the result of the risk assessment, a desk or on-site review must be completed. Each Program has control over the form and content of its risk assessment tools.
1. If the risk assessment shows the entity is of low to medium risk, the entity may not require an on-site review. The following items, if available, must be documented in a desk review:
a) Entity’s invoices and documentation (A-19s).
b) Entity’s program or service and financial reports.
c) Surveys or feedback cards from clients.
d) Client complaints.
e) Entity’s audit or financial report follow up and ensuring all appropriate action has been taken on all items detected through audits, on-site reviews and any other means.
f) Entity’s indirect rate certification (Certificate of Indirect Costs, form 02-568 or plan), if applicable.
g) If any of the above are not reviewed within the desk review, supervisor approval and an explanation for the reason the items were unable or immaterial to be reviewed must be included within the desk review assessment tool.
2. If the risk assessment shows the entity is a high risk, an on-site visit is required. The program/division will assign the appropriate staff to conduct the on-site review. On-site reviews must include all items in a desk review. In addition, on-site reviews may include, as appropriate, the following items:
a) A review of the delivery of program services.
b) Discussions about the subrecipient’s problems and challenges.
c) Follow-up on identified problems from previous visits.
d) Review of faculty/personnel licensing.
e) Review of surveys and inspections performed by outside parties.
f) Interview of staff to determine whether they are familiar with the program.
g) Inspection of the entity’s facilities and operations.
h) Review of and compliance with the entity’s policies and procedures governing service delivery and financial processes.
i) Review of the entity’s monitoring/production reports.
j) Review of any independent limited scope program audits.
k) Verification of performance from outside source (e.g. sub-contractors).
l) Review of the entity’s self-risk assessment survey.
m) Review of internal controls.
n) Review of billing practices.
o) Review of allocation of costs.
p) Review of timesheets or activity reports.
q) Review of financial records.
E. Monitoring must be documented.
1. The ACD must be used to document all subrecipient-related monitoring activities.
2. Assigned staff must document all desk or on-site reviews performed. The program manager overseeing the contract is responsible for making sure that items included in the review are documented in the ACD by the end of the contract period.
Each program must maintain contract monitoring documentation per General Administration’s retention schedule (Administrative Policy 5.04, Records Retention).
2023-052 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Refugee and Entrant Assistance program.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WARSSS, 2301WARSSS-00, 2301WARSSS-01, 2301WARSSS-02, 2301WARSSS-03, 2301WARSSS-04, 2301WARSSS-05, 2301WARCMA-00, 2301WARCMA-01, 2301WARCMA-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2023, the Department spent about $49.9 million in federal program funding. Of that amount, the Department passed through more than $18.2 million to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as result, reduce wasteful government spending.
In fiscal year 2023, the Department issued 29 subawards and 18 subaward amendments totaling $39.8 million to subrecipients that it was required to report in FSRS.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
The Department did not have written procedures on the reporting process and did not report any subawards in FSRS during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had no procedures in place to determine which subawards and amendments were required to be reported in FSRS. Additionally, management did not ensure that reports were submitted, as required.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance, including suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the Department:
• Establish effective internal controls and written procedures to ensure it reports all first-tier subawards of $30,000 or more, as required
• Verify all subawards and subaward amendments are reported in FSRS, as required
Department’s Response
The Department concurs with the auditor’s findings.
The Refugee and Entrant Assistance program will immediately report all first-tier subawards, including amendments, totaling $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS).
To ensure ongoing compliance with the Federal Funding Accountability and Transparency Act Reporting requirements, the Refugee and Entrant Assistance program will establish effective internal controls and written procedures to ensure:
• The program reports all first-tier initial subawards of $30,000 or more.
• If the initial award is below $30,000, the program tracks subsequent grant modifications and reports as soon as the modifications result in a total award equal to or over $30,000.
• Reports for submission will contain the required data elements.
In addition, the program will work with the Division of Finance and Financial Resources to develop and subsequently implement a process to verify all subawards and subaward amendments were reported in the Federal Funding Accountability and Transparency Act Subaward Reporting System.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii .For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-053 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WARSSS; 2301WARSSS-00;
2301WARSSS-01; 2301WARSSS-02;
2301WARSSS-03; 2301WARSSS-04;
2301WARSSS-05; 2301WARCMA-00;
2301WARCMA-01; 2301WARCMA-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2023, the Department spent about $49.9 million in federal program funding. Of that amount, the Department passed through more than $26 million to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit or program-specific audit. Furthermore, federal regulations require subrecipients to submit their audits in the Federal Audit Clearinghouse and to the pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes on to its subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions.
We found the Department did not have adequate internal controls in place to verify whether:
• Subrecipients met the audit threshold for federal assistance expended for their fiscal year
• Subrecipients received required audits, if necessary, and appropriate actions were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who received a single audit or program-specific audit
We found the Department did not monitor each of its 41 subrecipients to ensure they received a single audit, if required. Six of the subrecipients received single audits during the audit period. One of those six subrecipients’ audits included Refugee and Entrant Assistance as a major program.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department used accounting system reports to determine how much it reimbursed subrecipients with Refugee and Entrant Assistance funds. However, management did not monitor subrecipients to ensure they received single audits, as required. Additionally, management did not assign any specific employees the responsibility for reviewing subrecipient audit reports and findings.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the Department cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions, and management monitors them for effectiveness where required, the Department cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the Department:
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department concurs with the auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) will follow-up with the remaining 35 subrecipients to verify that they completed a single/program audit if they received $750,000 or more in federal assistance. For any subrecipients that have not been audited as required, ORIA will inform the subrecipient of the requirement and monitor for completion. ORIA will work with ESA accounting staff to review all completed audit reports and for any findings found, issue a management decision outlining their determination of the effectiveness of the subrecipients’ proposed corrective actions to address the findings. ESA Accounting will monitor the subrecipent’s corrective actions through completion.
To ensure ongoing compliance with subrecipient monitoring requirements, ORIA will work with ESA Accounting to establish and implement effective internal controls and written procedures to:
• Identify subrecipients who receive $750,000 or more annually in federal assistance from all sources.
• Verify if subrecipients completed required audits, if necessary, and take appropriate action if audits are not completed.
• Review single and program-specific audit reports for findings.
• Write and issue a management decision, when appropriate, within six months outlining the Department’s determination of the adequacy of the subrecipient’s proposed corrective actions to address the finding.
• Monitor the subrecipient’s corrective action plan for timely and effective completion.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-054 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WARSSS; 2301WARSSS-00;
2301WARSSS-01; 2301WARSSS-02;
2301WARSSS-03; 2301WARSSS-04;
2301WARSSS-05; 2301WARCMA-00;
2301WARCMA-01; 2301WARCMA-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2023, the Department spent about $49.9 million in federal program funding. Of that amount, the Department passed through more than $26 million to subrecipients.
Federal regulations require the Department to monitor the activities of subrecipients to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. This includes reviewing financial and performance reports required by the pass-through entity.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs.
The Department’s administrative policy 19.50.30 - Subrecipient Monitoring requires Department staff to conduct programmatic and fiscal monitoring of subrecipients. We found the Department did not monitor 33 out of 41 subrecipients to ensure compliance with Federal statutes, regulations, or that subaward performance goals are achieved.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had established administrative policies and procedures to monitor subrecipients for programmatic and fiscal compliance; however, ORIA program management did not accurately identify all program subrecipients to develop a comprehensive monitoring plan. In response to a prior audit finding ORIA program management implemented procedures for determining program subrecipients, however this change did not take effect until the end of the audit period.
The Department’s program management did not ensure subrecipients were correctly identified and did not review each subrecipient to ensure they were monitored for compliance, as required.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department cannot reasonably ensure that the subrecipient has complied with the terms and conditions of the subaward.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure all subrecipients are subject to fiscal and program monitoring, as required
• Establish effective internal controls to ensure subrecipients are accurately identified by Department program staff
• Establish internal controls to ensure Department staff review financial and performance-based reports for every subrecipient
• Monitor each subrecipient to obtain reasonable assurance that each subrecipients’ use of federal funds complies with federal laws and regulations, and the subaward terms and conditions
• Communicate to subrecipients any deficiencies noted during its review and ensure appropriate corrective action is taken to address the deficiencies
Department’s Response
The Department concurs with the auditor’s findings.
In response to audit finding 2021-015 covering a different grant administered by the Department’s Office of Refugee and Immigrant Assistance (ORIA), ORIA program staff created a Subrecipient vs. Contractor Determination tool. However, this determination tool was not established until April 2023 with implementation and training occurring April through June 2023.
For immediate compliance, ORIA will review all active contracts utilizing federal funding and ensure subrecipient status is correctly determined. ORIA has over 200 active contracts with more than 80 unique providers, most of which will require subrecipient monitoring. To address the significant workload that additional fiscal and programmatic monitoring will require, ORIA and ESA Accounting will explore the department’s ability to increase staff resources.
For ongoing compliance, ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Department of Social and Health Services, Administrative Policy 19.50.30, Subrecipient Monitoring, states in part:
Policy
E. Fiscal and programmatic monitoring must be completed. (See Attachment C – Sample DSHS Subrecipient Fiscal Monitoring Site Visit Tool)
Based on the result of the risk assessment, a desk or on-site review must be completed. Each Program has control over the form and content of its risk assessment tools.
1. If the risk assessment shows the entity is of low to medium risk, the entity may not require an on-site review. The following items, if available, must be documented in a desk review:
a) Entity’s invoices and documentation (A-19s).
b) Entity’s program or service and financial reports.
c) Surveys or feedback cards from clients.
d) Client complaints.
e) Entity’s audit or financial report follow up and ensuring all appropriate action has been taken on all items detected through audits, on-site reviews and any other means.
f) Entity’s indirect rate certification (Certificate of Indirect Costs, form 02-568 or plan), if applicable.
g) If any of the above are not reviewed within the desk review, supervisor approval and an explanation for the reason the items were unable or immaterial to be reviewed must be included within the desk review assessment tool.
2. If the risk assessment shows the entity is a high risk, an on-site visit is required. The program/division will assign the appropriate staff to conduct the on-site review. On-site reviews must include all items in a desk review. In addition, on-site reviews may include, as appropriate, the following items:
a) A review of the delivery of program services.
b) Discussions about the subrecipient’s problems and challenges.
c) Follow-up on identified problems from previous visits.
d) Review of faculty/personnel licensing.
e) Review of surveys and inspections performed by outside parties.
f) Interview of staff to determine whether they are familiar with the program.
g) Inspection of the entity’s facilities and operations.
h) Review of and compliance with the entity’s policies and procedures governing service delivery and financial processes.
i) Review of the entity’s monitoring/production reports.
j) Review of any independent limited scope program audits.
k) Verification of performance from outside source (e.g. sub-contractors).
l) Review of the entity’s self-risk assessment survey.
m) Review of internal controls.
n) Review of billing practices.
o) Review of allocation of costs.
p) Review of timesheets or activity reports.
q) Review of financial records.
E. Monitoring must be documented.
1. The ACD must be used to document all subrecipient-related monitoring activities.
2. Assigned staff must document all desk or on-site reviews performed. The program manager overseeing the contract is responsible for making sure that items included in the review are documented in the ACD by the end of the contract period.
Each program must maintain contract monitoring documentation per General Administration’s retention schedule (Administrative Policy 5.04, Records Retention).
2023-055 The Department of Commerce did not have adequate internal controls over and did not comply with reporting requirements for the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WALIEA; 2101WALIEA; 2201WALIEI; 2101WALWC5; 2101WAE5C6; 2102WALWC6
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-039
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia, and territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2023, the Department spent more than $107 million in federal funds, about $99 million of which it paid to subrecipients.
The Department is required to collect and report program information through various reports.
LIHEAP Performance Data Form
The LIHEAP Performance Data Form has two modules. Module 1 is the Grant Recipient Survey that collects and reports data on sources and uses of LIHEAP funds. Module 2 is the performance measures used to report data on energy burden targeting and reduction, as well as the continuity of home energy service.
Annual Report on Households Assisted by LIHEAP
The Annual Report on Households is used to report data on the number, income levels, and demographic information on both households assisted and households applying for assistance.
Both reports are required to separate the data by regular LIHEAP funding and additional LIHEAP funding under the Coronavirus Aid, Relief, and Economic Security (CARES) Act, and the American Rescue Plan Act of 2021 (ARPA).
Quarterly Performance and Management Report
Starting in fiscal year 2023, the Quarterly Performance and Management Report was required to report aggregated data on total households assisted, performance management metrics, and estimated uses of LIHEAP funds, along with some narrative information about program implementation and support.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate controls over and did not comply with reporting requirements for the LIHEAP Performance Data Form and Annual Report on Households Assisted. The prior finding was number 2022-039. Two audits ago, we also reported the Department did not have adequate controls over and did not comply with reporting requirements for the Annual Report on Households Assisted. This finding number was 2021-032.
Description of Condition
The Department did not have adequate internal controls over and did not comply with the reporting requirements for LIHEAP.
We reviewed the LIHEAP Performance Data Form and Annual Report on Households Assisted for the federal fiscal year ending September 30, 2022. In addition, we reviewed the three Quarterly Performance and Management Reports that the Department submitted during the audit period. We examined each report and attempted to recalculate the information reported using the supporting documentation used to prepare the reports and data from the LIHEAP database.
Based on the data the Department provided, we identified the following:
LIHEAP Performance Data Form
• In Module 1 Estimated Sources and Uses of LIHEAP Funds, 11 of 16 fields (69 percent) were inaccurate, and the Department was not able to provide any support for eight of these 11.
• In Module 2 Household Data, 83 of 240 fields (35 percent) we examined were inaccurate.
• Most differences in the amounts reported and the data provided were between less than one percent and 100 percent.
• All households data were accurate, but subcategories isolating CARES funding and ARPA funding had variances ranging from (5,016) to 4,557 in the average annual household income data.
Annual Report on Households Assisted by LIHEAP
• 102 of 162 (63 percent) fields we examined were inaccurate.
• The differences in the amounts reported and data provided were between less than one percent and 100 percent.
• High level totals were generally accurate, but subcategories isolating CARES funding and ARPA funding had variances ranging from (1,780) to 767 in the number of households assisted.
Quarterly Performance Management Report
• All nine fields (100 percent) we examined were inaccurate.
• The differences between values reported and data provided were between 2 percent and 371 percent.
• The variances ranged in underreporting total households assisted by 7,932 to overreporting occurrences of households where LIHEAP restored home energy by 4,722.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure they properly reviewed and approved these reports before the Department submitted them. Furthermore, the Department did not retain source documentation used at the time of completing these reports, and the data from the LIHEAP database is real-time data that can change over time without the ability to track changes. As a result, the data provided to verify the reported amounts has changed since the time of report submission.
In addition, the Department did not properly follow reporting instructions to break down some data types and did not align rounding methodologies for calculating poverty levels according to reporting requirements. Department officials also said the agency is understaffed and experienced turnover among key personnel, including management, who are involved in preparing and submitting the reports.
Effect of Condition
By not retaining supporting documentation and source data for the reports, management was unable to demonstrate the amounts the Department reported to the federal grantor were complete and accurate.
Additionally, the terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance with reporting requirements by suspending or terminating the award, or withholding future awards, should it choose to do so.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure the reports are accurate and complete
• Ensure management is reviewing reports prior to submission
• Ensure supporting documentation and real-time data used to prepare the reports are retained
• Ensure all amounts reported align with reporting requirements and methodologies
• Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported
Department’s Response
The Department appreciates the State Auditor’s Office thorough review of our internal controls and compliance over reporting for the Low-Income Home Energy Assistance Program. The program confirms the reports were reviewed and approved by the Managing Director, the program manager did not retain written approvals.
The program will add the following bolded steps to the Department's procedures for LIHEAP federal reporting.
The retention of the source data at the time the reports are pulled will result in the Department and SAO reviewing the same data from the same time.
The Department follows the reporting process outlined below:
• Program manager pulls the necessary reports
• LIHEAP program manager will retain all data reports from the LIHEAP data system used for reporting.
• LIHEAP information technology staff will save a snapshot of the entire database from the date of the report. This will allow the State Auditor’s Office to review the actual information used for reporting.
• Managing director reviews reports before submittal.
• Managing director will send written/email approval to program manager
• Program manager will retain written approval for the State Auditor’s Office review
• Program manager submits reports once managing director approval is received.
• Program manager receives notice that the report has been accepted by the funder.
• Program manager saves a copy of the report, documentation, and acceptance
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Subpart 342, Monitoring and reporting program performance, states in part:
b. Non-construction performance reports. The HHS awarding agency must use standard, OMB-approved data elements for collection of performance information (including performance progress reports, Research Performance Progress Report, or such future collections as may be approved by OMB and listed on the OMB Web site).
1. The non-Federal entity must submit performance reports at the interval required by the HHS awarding agency or pass-through entity to best inform improvements in program outcomes and productivity. Intervals must be no less frequent than annually nor more frequent than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes. Annual reports must be due 90 calendar days after the reporting period; quarterly or semiannual reports must be due 30 calendar days after the reporting period. Alternatively, the HHS awarding agency or pass-through entity may require annual reports before the anniversary dates of multiple year Federal awards. The final performance report will be due 90 calendar days after the period of performance end date. If a justified request is submitted by a non-Federal entity, the HHS awarding agency may extend the due date for any performance report.
Title 45 CFR Part 96, Subpart 82, Required report on households assisted, states in part:
a. Each grantee which is a State or an insular area which receives an annual allotment of at least $200,000 shall submit to the Department, as part of its LIHEAP grant application, the data required by section 2605(c)(1)(G) of Public Law 97-35 (42 U.S.C. 8624(c)(1)(G)) for the 12-month period corresponding to the Federal fiscal year (October 1 – September 30) preceding the fiscal year for which funds are requested. The data shall be reported separately for LIHEAP heating, cooling, crisis, and weatherization assistance.
Office of Management and Budget, 2023 Compliance Supplement, Assistance Listing 93.568 Low-Income Home Energy Assistance Program, describes the compliance requirements for special and performance reporting.
The U.S. Department of Health and Human Services, Division of Energy Assistance, Office of Community Services, Administration of Children and Families, provides the following reporting instructions:
• Instructions for the LIHEAP Performance Data Form for FFY 2022
• Instructions for the LIHEAP Household Report for FFY 2022 – Long Form
• Instructions for Completion of the Quarterly Performance and Management Report for the Low-Income Home Energy Assistance Program
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11
2023-056 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subawards for the Low-Income Home Energy Assistance Program contained the federal award identification elements.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: U.S Department of Health & Human Services
Federal Award/Contract Number: 2301WALIEA, 2301WALIEE, 2301WALIEI, 2201WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Commerce administers the Low-Income Home Energy Assistance Program (LIHEAP), which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2023, the Department spent more than $107 million in federal funds, about $99 million of which it paid to subrecipients.
The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. During the audit period, the energy assistance program allocated funds to 26 subrecipients to assist low-income households with their energy costs, and the weatherization program allocated funds to 24 subrecipients for construction projects to increase the energy efficiency of homes and apartments. About 85 percent of LIHEAP funds go to the energy assistance program, with no more than 15 percent allocated for weatherization activities. Each program makes separate subawards to subrecipients.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified to a subrecipient as a subaward, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. LIHEAP management reviews subawards prior to execution to ensure all elements are included in the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure LIHEAP subawards contained the federal award identification elements.
During the audit period, the Department executed 126 LIHEAP subawards for the energy assistance and weatherization programs. The Department uses the same process for these two programs to ensure the 14 federal award identification elements are included in the subawards. We used a non-statistical sampling method to randomly select and examine 17 of these subawards to determine if the required information was included. We found that six energy assistance subawards (35 percent) did not have the correct FAIN. One of these six subawards (6 percent) also incorrectly communicated seven additional elements, and it did not properly differentiate separate projects and costs and, therefore, did not clearly communicate the allowable activities for each specific FAIN on the subaward.
We also judgmentally reviewed three additional energy assistance subawards. For all three, we found eight of the elements were not correctly communicated to the subrecipient, and they did not properly communicate the program’s allowable activities.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
In an effort to be more efficient, program management included two FAINs in one subaward. However, the FAINs had different information for some of the 14 federal award identification elements, and management did not ensure that the necessary information for each FAIN was included in the subaward.
Effect of Condition
By not clearly identifying the required information in subawards, the Department cannot ensure that subrecipients are adequately informed of program requirements for each federal award.
Recommendation
We recommend the Department establish policies and procedures and provide training for staff to ensure it includes all required federal award identification elements in subawards.
Department’s Response
The Department agrees with this finding. The wrong Federal Award Identification Numbers (FAIN) were entered incorrectly due to multiple awards and contracts being sent out.
While 13 of the 14 required elements were included, the issue with the multiple awards and FAINs on a single contract will be corrected. The Department will separate the FAIN information by award on the contract in the Contract Face Sheet (CFS), the Contract Information Sheet (CIS), and Section 1. Acknowledgment of Federal Funding in the Special & General Terms & Conditions of the contract. The information will be entered by the LIHEAP Commerce Specialist 3, reviewed by the LIHEAP Program Manager, and then reviewed by the Community & Economic Opportunities Managing Director prior to contracts being sent out.
In addition, the Requirements for Pass Through Entities fourteen elements will be communicated to all subrecipients via the Department required communication which was a required process Commerce implemented in 2022. This communication is included as part of each award issued to subrecipients as required by the Code of Federal Regulations.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, establishes requirements for pass-through entities.
Title 45 CFR Part 75, section 303, Subpart D - Standards for Financial and Program Management 3, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-057 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments and monitor subrecipients of the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: 2301WALIEA, 2201WALIEA, 2101WALIEA, 2301WALIEE, 2301WALIEI, 2201WALIEI, 2101WAE5C6, 2101WALWC6, 2101WALWC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Commerce administers the Low-Income Home Energy Assistance Program (LIHEAP), which provides financial assistance to low-income households to meet their energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2023, the Department spent more than $107 million in federal funds, about $99 million of which it paid to subrecipients.
The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. The energy assistance program allocated funds to
26 subrecipients to assist low-income households with their energy costs, and the weatherization program allocated funds to 24 subrecipients for construction projects to increase the energy efficiency of homes and apartments. About 85 percent of LIHEAP funds go to the energy assistance program, with no more than 15 percent allocated for weatherization activities. Each program makes separate subawards to subrecipients and conducts risk assessments and monitoring activities independently of each other. For weatherization, the Department includes other federal programs in the monitoring activity, and staff use a checklist to ensure all monitoring is performed.
Federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the terms and conditions of the subaward for determining the appropriate amount and type of subrecipient monitoring.
Federal regulations also require the Department to monitor the activities of its subrecipients as necessary to ensure that they use their subawards for authorized purposes, comply with the terms and conditions of their subawards, and achieve performance goals.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments and monitor LIHEAP subrecipients.
We did not identify issues with the energy assistance program during the audit period. However, we found the Department did not perform risk assessments for any of its 24 subrecipients (100 percent) for the weatherization program.
We used a non-statistical sampling method to randomly select and examine eight out of the 24 total weatherization subrecipients to determine if the Department conducted sufficient program and fiscal monitoring. We found Department staff did not fully complete the monitoring checklist for six subrecipients (75 percent). Also, for all eight subrecipients (100 percent), we could not determine if the monitoring activity was specific to the federal requirements for the program. Furthermore, we found seven subrecipients (88 percent) did not have adequate documentation to determine if the reimbursement requests reviewed were for the LIHEAP program.
Finally, the Department classified six out of the eight subrecipients examined as high risk and two as low risk. However, all subrecipients received the same level of monitoring regardless of their classified risk level.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department does not have adequate policies and procedures in place to ensure the risk assessments are completed and influence the level of monitoring activity. Furthermore, management did not adequately monitor employees performing the monitoring activity to ensure they properly completed the checklists. Department employees said staffing shortages contributed to delays in performing risk assessments, staff responsible for the risk assessments were not aware they must be completed within each fiscal year, and management did not ensure they were performed.
Furthermore, the weatherization program staff said their monitoring activity was focused on ensuring compliance for other federal programs, and they were not aware that monitoring activities must be specific to the requirements and terms and conditions of the LIHEAP awards.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Department is meeting federal requirements by performing the appropriate level of monitoring to ensure subrecipients comply with program requirements.
Furthermore, without proper and complete monitoring documentation, management cannot ensure that Department staff are adequately monitoring subrecipients.
Recommendations
We recommend the Department:
• Improve internal controls to ensure it performs required risk assessments
• Improve internal controls to ensure that all monitoring documentation is thorough and complete
• Ensure staff conduct program and financial monitoring that is clearly attributable to the federal award’s requirements
• Ensure that risk-based monitoring activities are specific to the federal award and distinguishable between low- and high-risk subrecipients
Department’s Response
The Department concurs with the finding. The Department’s Weatherization program conducts a robust risk assessment annually that includes multiple levels of risks across all programs. The risk assessment reviews risk per subrecipient and is separate from our monitoring process.
Over the course of the years of 2022 and 2023, the program underwent some significant staff changes. Three supervisor level positions were vacated and numerous programmatic staff positions changes were made which resulted in the annual risk assessment for fiscal year 2023 not being completed in time and missing data not recorded in monitoring reports.
The program’s monitoring team utilizes the risk assessment and other resources to determine the focus areas of weatherization monitoring, not necessarily the number of projects for inspection. The Department of Energy requires all grantees to inspect a minimum of 5% or 10% of completed units be inspected depending on if the agency has a waiver for an independent auditor and inspector. The monitoring team exceeds the DOE requirements by inspecting between 10 and 20 percent of all production, statewide.
The monitoring team does not delineate LIHEAP specific projects in their monitoring since very few are solely LIHEAP funded. The vast majority utilize a combination of federal, state and utility funding. The team reserves the right to increase the number of projects inspected based on agency risk and inspection results independent of the funding sources. However, the results of our monitoring in concert with the risk assessment and previously identified concerns determine if an elevated level of review is needed beyond the minimum standards.
The Department acknowledges the recommendations set forth by the State Auditor’s Office and plan to implement changes. The team is currently in the process of finalizing the 2023 Risk Assessment which is expected to be finalized by December 31, 2023. The process for the 2024 Risk Assessment will then commence and be completed by May 30, 2024. The team will incorporate a formal checklist process that will assign staff to tasks and include supervisory signatures to ensure compliance and timeliness. All supervisory positions have been filled.
A two day meeting is scheduled in January 2024 to review and update all monitoring processes, procedures, forms, and protocols. The goal is to better align monitoring forms and checklists with the risk assessment tools. The team recognizes the need to clarify the process and increase consistency for elevated levels of monitoring while ensuring that all required documentation and checklists are complete. This will include supervisor review and sign off at appropriate milestones of the monitoring process. We intend to have all monitoring forms updated by May 30, 2024. We will work in sync with our LIHEAP program manager to ensure we are in compliance with monitoring expectations specific to the program and determine how we might increase monitoring for weatherization LIHEAP projects. We appreciate the thorough review and feedback, the information provided assisted in our efforts to improve our weatherization monitoring process and service delivery.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-055 The Department of Commerce did not have adequate internal controls over and did not comply with reporting requirements for the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WALIEA; 2101WALIEA; 2201WALIEI; 2101WALWC5; 2101WAE5C6; 2102WALWC6
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-039
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia, and territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2023, the Department spent more than $107 million in federal funds, about $99 million of which it paid to subrecipients.
The Department is required to collect and report program information through various reports.
LIHEAP Performance Data Form
The LIHEAP Performance Data Form has two modules. Module 1 is the Grant Recipient Survey that collects and reports data on sources and uses of LIHEAP funds. Module 2 is the performance measures used to report data on energy burden targeting and reduction, as well as the continuity of home energy service.
Annual Report on Households Assisted by LIHEAP
The Annual Report on Households is used to report data on the number, income levels, and demographic information on both households assisted and households applying for assistance.
Both reports are required to separate the data by regular LIHEAP funding and additional LIHEAP funding under the Coronavirus Aid, Relief, and Economic Security (CARES) Act, and the American Rescue Plan Act of 2021 (ARPA).
Quarterly Performance and Management Report
Starting in fiscal year 2023, the Quarterly Performance and Management Report was required to report aggregated data on total households assisted, performance management metrics, and estimated uses of LIHEAP funds, along with some narrative information about program implementation and support.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate controls over and did not comply with reporting requirements for the LIHEAP Performance Data Form and Annual Report on Households Assisted. The prior finding was number 2022-039. Two audits ago, we also reported the Department did not have adequate controls over and did not comply with reporting requirements for the Annual Report on Households Assisted. This finding number was 2021-032.
Description of Condition
The Department did not have adequate internal controls over and did not comply with the reporting requirements for LIHEAP.
We reviewed the LIHEAP Performance Data Form and Annual Report on Households Assisted for the federal fiscal year ending September 30, 2022. In addition, we reviewed the three Quarterly Performance and Management Reports that the Department submitted during the audit period. We examined each report and attempted to recalculate the information reported using the supporting documentation used to prepare the reports and data from the LIHEAP database.
Based on the data the Department provided, we identified the following:
LIHEAP Performance Data Form
• In Module 1 Estimated Sources and Uses of LIHEAP Funds, 11 of 16 fields (69 percent) were inaccurate, and the Department was not able to provide any support for eight of these 11.
• In Module 2 Household Data, 83 of 240 fields (35 percent) we examined were inaccurate.
• Most differences in the amounts reported and the data provided were between less than one percent and 100 percent.
• All households data were accurate, but subcategories isolating CARES funding and ARPA funding had variances ranging from (5,016) to 4,557 in the average annual household income data.
Annual Report on Households Assisted by LIHEAP
• 102 of 162 (63 percent) fields we examined were inaccurate.
• The differences in the amounts reported and data provided were between less than one percent and 100 percent.
• High level totals were generally accurate, but subcategories isolating CARES funding and ARPA funding had variances ranging from (1,780) to 767 in the number of households assisted.
Quarterly Performance Management Report
• All nine fields (100 percent) we examined were inaccurate.
• The differences between values reported and data provided were between 2 percent and 371 percent.
• The variances ranged in underreporting total households assisted by 7,932 to overreporting occurrences of households where LIHEAP restored home energy by 4,722.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure they properly reviewed and approved these reports before the Department submitted them. Furthermore, the Department did not retain source documentation used at the time of completing these reports, and the data from the LIHEAP database is real-time data that can change over time without the ability to track changes. As a result, the data provided to verify the reported amounts has changed since the time of report submission.
In addition, the Department did not properly follow reporting instructions to break down some data types and did not align rounding methodologies for calculating poverty levels according to reporting requirements. Department officials also said the agency is understaffed and experienced turnover among key personnel, including management, who are involved in preparing and submitting the reports.
Effect of Condition
By not retaining supporting documentation and source data for the reports, management was unable to demonstrate the amounts the Department reported to the federal grantor were complete and accurate.
Additionally, the terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance with reporting requirements by suspending or terminating the award, or withholding future awards, should it choose to do so.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure the reports are accurate and complete
• Ensure management is reviewing reports prior to submission
• Ensure supporting documentation and real-time data used to prepare the reports are retained
• Ensure all amounts reported align with reporting requirements and methodologies
• Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported
Department’s Response
The Department appreciates the State Auditor’s Office thorough review of our internal controls and compliance over reporting for the Low-Income Home Energy Assistance Program. The program confirms the reports were reviewed and approved by the Managing Director, the program manager did not retain written approvals.
The program will add the following bolded steps to the Department's procedures for LIHEAP federal reporting.
The retention of the source data at the time the reports are pulled will result in the Department and SAO reviewing the same data from the same time.
The Department follows the reporting process outlined below:
• Program manager pulls the necessary reports
• LIHEAP program manager will retain all data reports from the LIHEAP data system used for reporting.
• LIHEAP information technology staff will save a snapshot of the entire database from the date of the report. This will allow the State Auditor’s Office to review the actual information used for reporting.
• Managing director reviews reports before submittal.
• Managing director will send written/email approval to program manager
• Program manager will retain written approval for the State Auditor’s Office review
• Program manager submits reports once managing director approval is received.
• Program manager receives notice that the report has been accepted by the funder.
• Program manager saves a copy of the report, documentation, and acceptance
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Subpart 342, Monitoring and reporting program performance, states in part:
b. Non-construction performance reports. The HHS awarding agency must use standard, OMB-approved data elements for collection of performance information (including performance progress reports, Research Performance Progress Report, or such future collections as may be approved by OMB and listed on the OMB Web site).
1. The non-Federal entity must submit performance reports at the interval required by the HHS awarding agency or pass-through entity to best inform improvements in program outcomes and productivity. Intervals must be no less frequent than annually nor more frequent than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes. Annual reports must be due 90 calendar days after the reporting period; quarterly or semiannual reports must be due 30 calendar days after the reporting period. Alternatively, the HHS awarding agency or pass-through entity may require annual reports before the anniversary dates of multiple year Federal awards. The final performance report will be due 90 calendar days after the period of performance end date. If a justified request is submitted by a non-Federal entity, the HHS awarding agency may extend the due date for any performance report.
Title 45 CFR Part 96, Subpart 82, Required report on households assisted, states in part:
a. Each grantee which is a State or an insular area which receives an annual allotment of at least $200,000 shall submit to the Department, as part of its LIHEAP grant application, the data required by section 2605(c)(1)(G) of Public Law 97-35 (42 U.S.C. 8624(c)(1)(G)) for the 12-month period corresponding to the Federal fiscal year (October 1 – September 30) preceding the fiscal year for which funds are requested. The data shall be reported separately for LIHEAP heating, cooling, crisis, and weatherization assistance.
Office of Management and Budget, 2023 Compliance Supplement, Assistance Listing 93.568 Low-Income Home Energy Assistance Program, describes the compliance requirements for special and performance reporting.
The U.S. Department of Health and Human Services, Division of Energy Assistance, Office of Community Services, Administration of Children and Families, provides the following reporting instructions:
• Instructions for the LIHEAP Performance Data Form for FFY 2022
• Instructions for the LIHEAP Household Report for FFY 2022 – Long Form
• Instructions for Completion of the Quarterly Performance and Management Report for the Low-Income Home Energy Assistance Program
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11
2023-056 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subawards for the Low-Income Home Energy Assistance Program contained the federal award identification elements.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: U.S Department of Health & Human Services
Federal Award/Contract Number: 2301WALIEA, 2301WALIEE, 2301WALIEI, 2201WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Commerce administers the Low-Income Home Energy Assistance Program (LIHEAP), which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2023, the Department spent more than $107 million in federal funds, about $99 million of which it paid to subrecipients.
The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. During the audit period, the energy assistance program allocated funds to 26 subrecipients to assist low-income households with their energy costs, and the weatherization program allocated funds to 24 subrecipients for construction projects to increase the energy efficiency of homes and apartments. About 85 percent of LIHEAP funds go to the energy assistance program, with no more than 15 percent allocated for weatherization activities. Each program makes separate subawards to subrecipients.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified to a subrecipient as a subaward, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. LIHEAP management reviews subawards prior to execution to ensure all elements are included in the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure LIHEAP subawards contained the federal award identification elements.
During the audit period, the Department executed 126 LIHEAP subawards for the energy assistance and weatherization programs. The Department uses the same process for these two programs to ensure the 14 federal award identification elements are included in the subawards. We used a non-statistical sampling method to randomly select and examine 17 of these subawards to determine if the required information was included. We found that six energy assistance subawards (35 percent) did not have the correct FAIN. One of these six subawards (6 percent) also incorrectly communicated seven additional elements, and it did not properly differentiate separate projects and costs and, therefore, did not clearly communicate the allowable activities for each specific FAIN on the subaward.
We also judgmentally reviewed three additional energy assistance subawards. For all three, we found eight of the elements were not correctly communicated to the subrecipient, and they did not properly communicate the program’s allowable activities.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
In an effort to be more efficient, program management included two FAINs in one subaward. However, the FAINs had different information for some of the 14 federal award identification elements, and management did not ensure that the necessary information for each FAIN was included in the subaward.
Effect of Condition
By not clearly identifying the required information in subawards, the Department cannot ensure that subrecipients are adequately informed of program requirements for each federal award.
Recommendation
We recommend the Department establish policies and procedures and provide training for staff to ensure it includes all required federal award identification elements in subawards.
Department’s Response
The Department agrees with this finding. The wrong Federal Award Identification Numbers (FAIN) were entered incorrectly due to multiple awards and contracts being sent out.
While 13 of the 14 required elements were included, the issue with the multiple awards and FAINs on a single contract will be corrected. The Department will separate the FAIN information by award on the contract in the Contract Face Sheet (CFS), the Contract Information Sheet (CIS), and Section 1. Acknowledgment of Federal Funding in the Special & General Terms & Conditions of the contract. The information will be entered by the LIHEAP Commerce Specialist 3, reviewed by the LIHEAP Program Manager, and then reviewed by the Community & Economic Opportunities Managing Director prior to contracts being sent out.
In addition, the Requirements for Pass Through Entities fourteen elements will be communicated to all subrecipients via the Department required communication which was a required process Commerce implemented in 2022. This communication is included as part of each award issued to subrecipients as required by the Code of Federal Regulations.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, establishes requirements for pass-through entities.
Title 45 CFR Part 75, section 303, Subpart D - Standards for Financial and Program Management 3, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-057 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments and monitor subrecipients of the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: 2301WALIEA, 2201WALIEA, 2101WALIEA, 2301WALIEE, 2301WALIEI, 2201WALIEI, 2101WAE5C6, 2101WALWC6, 2101WALWC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Commerce administers the Low-Income Home Energy Assistance Program (LIHEAP), which provides financial assistance to low-income households to meet their energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2023, the Department spent more than $107 million in federal funds, about $99 million of which it paid to subrecipients.
The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. The energy assistance program allocated funds to
26 subrecipients to assist low-income households with their energy costs, and the weatherization program allocated funds to 24 subrecipients for construction projects to increase the energy efficiency of homes and apartments. About 85 percent of LIHEAP funds go to the energy assistance program, with no more than 15 percent allocated for weatherization activities. Each program makes separate subawards to subrecipients and conducts risk assessments and monitoring activities independently of each other. For weatherization, the Department includes other federal programs in the monitoring activity, and staff use a checklist to ensure all monitoring is performed.
Federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the terms and conditions of the subaward for determining the appropriate amount and type of subrecipient monitoring.
Federal regulations also require the Department to monitor the activities of its subrecipients as necessary to ensure that they use their subawards for authorized purposes, comply with the terms and conditions of their subawards, and achieve performance goals.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments and monitor LIHEAP subrecipients.
We did not identify issues with the energy assistance program during the audit period. However, we found the Department did not perform risk assessments for any of its 24 subrecipients (100 percent) for the weatherization program.
We used a non-statistical sampling method to randomly select and examine eight out of the 24 total weatherization subrecipients to determine if the Department conducted sufficient program and fiscal monitoring. We found Department staff did not fully complete the monitoring checklist for six subrecipients (75 percent). Also, for all eight subrecipients (100 percent), we could not determine if the monitoring activity was specific to the federal requirements for the program. Furthermore, we found seven subrecipients (88 percent) did not have adequate documentation to determine if the reimbursement requests reviewed were for the LIHEAP program.
Finally, the Department classified six out of the eight subrecipients examined as high risk and two as low risk. However, all subrecipients received the same level of monitoring regardless of their classified risk level.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department does not have adequate policies and procedures in place to ensure the risk assessments are completed and influence the level of monitoring activity. Furthermore, management did not adequately monitor employees performing the monitoring activity to ensure they properly completed the checklists. Department employees said staffing shortages contributed to delays in performing risk assessments, staff responsible for the risk assessments were not aware they must be completed within each fiscal year, and management did not ensure they were performed.
Furthermore, the weatherization program staff said their monitoring activity was focused on ensuring compliance for other federal programs, and they were not aware that monitoring activities must be specific to the requirements and terms and conditions of the LIHEAP awards.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Department is meeting federal requirements by performing the appropriate level of monitoring to ensure subrecipients comply with program requirements.
Furthermore, without proper and complete monitoring documentation, management cannot ensure that Department staff are adequately monitoring subrecipients.
Recommendations
We recommend the Department:
• Improve internal controls to ensure it performs required risk assessments
• Improve internal controls to ensure that all monitoring documentation is thorough and complete
• Ensure staff conduct program and financial monitoring that is clearly attributable to the federal award’s requirements
• Ensure that risk-based monitoring activities are specific to the federal award and distinguishable between low- and high-risk subrecipients
Department’s Response
The Department concurs with the finding. The Department’s Weatherization program conducts a robust risk assessment annually that includes multiple levels of risks across all programs. The risk assessment reviews risk per subrecipient and is separate from our monitoring process.
Over the course of the years of 2022 and 2023, the program underwent some significant staff changes. Three supervisor level positions were vacated and numerous programmatic staff positions changes were made which resulted in the annual risk assessment for fiscal year 2023 not being completed in time and missing data not recorded in monitoring reports.
The program’s monitoring team utilizes the risk assessment and other resources to determine the focus areas of weatherization monitoring, not necessarily the number of projects for inspection. The Department of Energy requires all grantees to inspect a minimum of 5% or 10% of completed units be inspected depending on if the agency has a waiver for an independent auditor and inspector. The monitoring team exceeds the DOE requirements by inspecting between 10 and 20 percent of all production, statewide.
The monitoring team does not delineate LIHEAP specific projects in their monitoring since very few are solely LIHEAP funded. The vast majority utilize a combination of federal, state and utility funding. The team reserves the right to increase the number of projects inspected based on agency risk and inspection results independent of the funding sources. However, the results of our monitoring in concert with the risk assessment and previously identified concerns determine if an elevated level of review is needed beyond the minimum standards.
The Department acknowledges the recommendations set forth by the State Auditor’s Office and plan to implement changes. The team is currently in the process of finalizing the 2023 Risk Assessment which is expected to be finalized by December 31, 2023. The process for the 2024 Risk Assessment will then commence and be completed by May 30, 2024. The team will incorporate a formal checklist process that will assign staff to tasks and include supervisory signatures to ensure compliance and timeliness. All supervisory positions have been filled.
A two day meeting is scheduled in January 2024 to review and update all monitoring processes, procedures, forms, and protocols. The goal is to better align monitoring forms and checklists with the risk assessment tools. The team recognizes the need to clarify the process and increase consistency for elevated levels of monitoring while ensuring that all required documentation and checklists are complete. This will include supervisor review and sign off at appropriate milestones of the monitoring process. We intend to have all monitoring forms updated by May 30, 2024. We will work in sync with our LIHEAP program manager to ensure we are in compliance with monitoring expectations specific to the program and determine how we might increase monitoring for weatherization LIHEAP projects. We appreciate the thorough review and feedback, the information provided assisted in our efforts to improve our weatherization monitoring process and service delivery.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-065 The Department of Children, Youth, and Families did not have adequate controls over and did not comply with certain requirements of its Public Assistance Cost Allocation Plan.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-047
Background
As a condition of receiving federal grant funds, the Department of Children, Youth, and Families must submit a Public Assistance Cost Allocation Plan (PACAP) to the U.S. Department of Health and Human Services each state fiscal year. The PACAP describes how the Department is authorized to allocate indirect costs like overhead and general administrative expenses to all funding sources, including federal grants.
The Department uses the Cost Allocation System (CAS), a subsystem of the Agency Financial Reporting System (AFRS), to execute its PACAP. The Department develops appropriate methodologies and updates cost allocation base input tables that contain cost objectives, which automatically distribute the cost of payments to either state, local or federal funding sources. The tables in CAS can be added, deleted, changed, or inactivated each calendar month.
As part of its cost allocation process, the Department establishes bases that are used to distribute costs to multiple funding sources. Each base consists of elements that are assigned a percentage that dictates how much of the original payment is allocated to it. For example, a base could be made up of three elements that allocate 35 percent, 25 percent, and 40 percent, respectively, that will total 100 percent. Records of these bases are kept in workbooks that management reviews and approves before they are uploaded or keyed into AFRS for use.
In fiscal year 2023, the Department allocated about $18 million in indirect costs to the Foster Care grant.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate controls over and did not comply with certain requirements of its PACAP. The prior finding number was 2022-047.
Description of Condition
The Department did not have adequate controls over and did not comply with certain requirements of its PACAP. According to the Department’s PACAP, Base 100, which are charges for administrative costs, should be updated monthly with full-time equivalents disbursed to reflect the work that agency staff have performed. This method allows the Department to allocate administrative charges proportionately to the staffing level required to meet the program’s needs.
We examined five monthly workbooks completed during the audit period. We found the Department did not complete a workbook for one month of the audit period (September 2022).
We determined this internal control deficiency to be a material weakness that led to material noncompliance.
Cause of Condition
Management did not assign sufficient staffing resources to ensure all monthly workbooks were completed in accordance with the Department’s approved PACAP.
Effect of Condition
The Department’s inadequate internal controls affected the accuracy of the indirect costs charged to the Foster Care grant. When workbooks are not updated, the Department increases its risk of undercharging or improperly allocating indirect costs to the Foster Care program.
Recommendation
We recommend the Department strengthen internal controls to ensure that monthly workbooks are properly updated in accordance with the approved PACAP.
Department’s Response
The Department concurs with the finding.
The Department did not have adequate staffing levels to maintain the business processes for one workbook for the Public Assistance Cost Allocation Plan (PACAP) cost base 100 for the administrative charges during the state and federal fiscal year close deadlines. Available staff were focused on grant reconciliations and closing out the prior fiscal year financial transactions. The Department is committed to improving our internal controls and has reviewed the base edit form written procedures with staff and added monthly reminders for the Cost Allocation and Grants Management Unit. In addition, the Department has confirmed that all cost base 100 workbooks have been properly completed for state fiscal year 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 95, Subpart E – Cost Allocation Plans, section 95.501, Purpose, states:
(a) Preparation, submission, and approval of State agency cost allocation plans for public assistance programs; and
(b) Adherence to approved cost allocation plans in computing claims for Federal financial participation.
Public Assistance Cost Allocation Plan – Appendix 3 Administrative Costs, Base 100, states in part: FTEs are based on actual months and are reported by funding source. This information is obtained on a monthly basis from the Enterprise Reporting system at DCYF and is used on a rolling period with a one-month lag. For example, the FTEs for July would be used in the September plan.
2023-066 The Department of Children, Youth, and Families did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-048
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds, including about $11.6 million for travel and family visits.
Parent-child visits are a key strategy for minimizing a child’s time in out-of-home care and working toward family reunification. The Department creates a visit plan based on dependency court order visit requirements and other information to ensure the child’s safety. This visit plan is created and saved in a system called FamLink. When the Department needs contracted family time services, it sends a visit plan/referral through a FamLink-Sprout interface. Visit coordinators send this referral to the most appropriate contracted service provider through the Sprout system. These referrals authorize the contracted provider to provide the needed services. After the visit, contracted service providers complete visit reports, which include travel mileage and travel time. Based on these reports and information the contractor enters into the Sprout system, the system creates an invoice based on billable services and rates. To catch errors and ensure quality assurance, Sprout reports and invoices are reviewed and approved by the contracted service provider administrator or manager. The Department pays the provider solely based on the summary-level information entered into Sprout.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure payments to providers for family visits were allowable and adequately supported for the Foster Care program. The prior finding numbers were 2022-048 and 2021-040.
Description of Condition
The Department did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
The Department did not follow its procedures for performing fiscal monitoring of contracted service providers to ensure federally funded payments for travel and family visits were adequately supported and only for allowable activities.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department was unable to fully implement the corrective action plan during the audit period.
Effect of Condition
By not performing adequate fiscal monitoring, the Department cannot ensure payments for travel and family visits are allowable and adequately supported.
Recommendation
We recommend the Department follow its fiscal monitoring procedures to ensure payments to providers for travel and family visits are allowable and adequately supported.
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department did not have the opportunity to fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. There by the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
In April 2023, the Fiscal Integrity Unit, within the Financial and Business Services Division (FBSD), worked with the Child Welfare and Information Technology Divisions to implement the following internal controls:
• Utilized algorithms in the Sprout system to identify reimbursement requests outside of a reasonable amount.
• Required providers to submit additional documentation or explanation for those identified amounts.
• Implemented a re-run process for prior billing periods to eliminate potential double billings by providers.
• Trained headquarters and field office accounting staff to utilize the new algorithms and review additional documentation prior to processing payments.
In August 2023, the Contracts Compliance Team, within the FBSD, hired one new staff dedicated to reviewing all regional client service child welfare contracts including family time visit payments and will hire an additional staff in December 2023. The Contracts Compliance Team developed compliance audit plans for child welfare contracts and began fiscal monitoring of family time visit payments in November 2023.
The Department also required additional review and approvals by program staff for the Network Administrator in Eastern Washington for invoices prior to release of payment. The Department continues to identify and implement regional program approvals for Western Washington providers and implement fiscal monitoring controls to ensure payments to providers for travel and family visits are allowable and adequately supported.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-067 The Department of Children, Youth, and Families did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds, including about $8.6 million for foster care maintenance payments to family foster homes.
These monthly maintenance payments help licensed caregivers (foster parents and licensed kinship caregivers) meet the needs of children and youth experiencing foster care. The Department’s Federal Funding Unit manages each of its Title IV-E foster care cases. Title IV-E Specialists are stationed throughout the state and screen all new foster care cases for Title IV-E Eligibility.
When children or youth are placed in foster care homes, specialists meet with caregivers to discuss the amount of time they spend meeting a child’s needs. To ensure maintenance payments are accurate and allowable, the specialists enter the caregivers’ answers into the Foster Care Rate Assessment tool, which calculates the appropriate reimbursement rate for caregivers’ time spent meeting a child’s needs. Prior to payment, a Department supervisor reviews the rate in a system called FamLink. These reimbursement rates must be reassessed every six months.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
We used a statistical sampling method to randomly select and examine 59 foster care maintenance payments out of a total population of 22,538 made during the audit period. We found that the Department did not perform six-month reviews of the reimbursement rates for five payments.
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management said limitations with the FamLink system prevented the Department from running reports to verify that rate assessments were reviewed timely. Additionally, management did not establish another method to monitor these requirements.
Effect of Condition
By not performing six-month reviews of all reimbursement rates, the Department cannot ensure it provided accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
Recommendation
We recommend the Department establish adequate internal controls to ensure it performs all six-month reviews of caregivers’ reimbursement rates for the Foster Care program.
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department utilizes FamLink as the case management system for Foster Care which due to system limitations did not have the reporting capabilities to track rate setting reviews during the audit period. The Department created a report in FamLink to assist rate assesors in identifying six-month reviews that had not been performed timely. This tool has helped supervisors identify late rate assessments but has not helped them track six-month rate assessment due dates. A request has been submitted to the Department’s Office of Innovation, Alignment, and Accountability to update the report to show when the next rate assessment is due. Until this report update is completed, the supervisors will be performing monthly tracking to assist with internal controls and compliance with reviews.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 110-50-0490, How often do the foster parent and caseworker meet to complete the rate assessment?, states:
The caseworker or designated rate assessment specialist will meet with the foster parent in person or telephonically to complete the assessment:
1.Within thirty days of the child’s placement in the foster parent’s home;
2.At least every six months after the first assessment, except under limited circumstances that serve the best interest of the child; and
When there is a significant change in circumstances for the child or in the foster parent’s ability or time required to meet the child’s needs.
2023-068 The Department of Children, Youth, and Families did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-050
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned to home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for the adults in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
Prospective foster parents and other out-of-home caregivers, as well as any adults residing in the prospective caregivers' households must pass the background check. During an emergency situation when a child must be placed in out-of-home care due to the absence of appropriate parents or custodians, the Department shall request a federal name-based criminal history record check of each adult residing in the home of the potential placement resource. Upon receipt of the results of the name-based check, the Department shall provide a complete set of each adult resident's fingerprints to the Washington state patrol for submission to the federal bureau of investigation within 15 calendar days from the date the name search was conducted. The child shall be removed from the home immediately if any adult resident fails to provide fingerprints and written permission to perform a federal criminal history record check when requested.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds. This included about $33.3 million for payments to providers for direct client services, with $1.4 million paid to licensed group care facilities and $13.3 million paid to foster family homes. State and federal law require background checks for foster family homes and licensed group care facilities.
Licensed group care facilities
Licensed group care facilities are maintained and operated for groups of children on a 24-hour basis to provide safe, healthy living environments that meet the developmental needs of the children in care. These facilities are not permanent homes, but they provide a higher level of care for the foster children who are in them. Before a facility becomes licensed, it must complete an application that the Department reviews to ensure the facility is compliant with licensing requirements. This includes ensuring all people working in the facility have cleared background checks, which is a requirement in state and federal law.
After the initial application, the Department requests the group care facility to provide quarterly reports of new and existing employees to ensure all have cleared background checks before they are allowed unsupervised access to children. To track this, the Department enters employees’ information and the facilities they work at into the FamLink system. FamLink is a service delivery and support system the Department uses to track clients statewide, and management uses it to track service performance and outcomes.
Foster family homes
Prospective foster parents, as well as any adults residing in prospective caregivers’ households, must have satisfactorily met background checks. These checks, including state and federal criminal records and child abuse and neglect central registries, are part of the process of assessing the suitability of these caregivers to provide a safe home for children placed in their care.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure group care facility employees had cleared background checks before having unsupervised access to children. The prior finding number was 2022-050.
Description of Condition
The Department did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Licensed group care facilities
In the prior audit, we found that the Department did not effectively monitor when employees started working in facilities. Without documenting employees’ start date of employment, the Department cannot ensure they had cleared background checks before having unsupervised access to children. We found this internal control weakness still existed in the current audit because the Department was not able to fully implement its corrective action plan during the audit period. We tested a sample of background checks for facility staff to ensure they were performed properly and determined they were.
Foster family homes
We used a statistical sampling method to randomly select and examine 56 out of 493 households whose adult residents required background checks to ensure they were performed properly. We found the Department placed one child in emergent care with two adults who did not receive timely fingerprint checks within the required timeline of 15 calendar days. The adults in the household had their fingerprint checks at 17 days and were determined eligible for foster child placement.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies, but did not fully implement it during the current audit period.
Further, the Department provided a complete set of each adult resident’s fingerprints to the Washington State Patrol two days late.
Effect of Condition
Without documenting employees’ start dates, the Department cannot ensure they have cleared background checks before beginning work. By not adequately monitoring group care facility employees’ start dates, ineligible employees could have unsupervised access to foster care children before they have cleared the required background checks.
In addition, by not obtaining timely fingerprint background checks for emergent placements, children may be in unsafe environments that affect their health and safety.
Recommendations
We recommend the Department:
• Strengthen its internal controls and ensure all group care facility employees have cleared background checks before beginning work
• Ensure it provides the Washington State Patrol with all fingerprint background checks for emergent placements within 15 calendar days from the date the name search was conducted
Department’s Response
The Department is committed to ensuring the health, safety, and well-being of all children in our care. As to the Auditor’s specific findings, the Department partially concurs and offers the following detail:
Licensed group care facilities
As stated in the audit finding section, Description of Condition, all group care facility staff sampled during the audit had a cleared background check prior to working in the facility. While we agree the use of definitions such as “effective date” and “start date” could be misleading, we do not concur the Department did not have adequate internal controls to ensure group care facility employees had cleared background checks before having unsupervised access to children. We are confident that staff who work with children and youth have a cleared background check.
The Department concurs we do not document staff members’ start dates in FamLink. FamLink is used to document background clearance information, but it only allows for one date to be entered as the “effective date.” This “effective date” is imported to the Background Check System as the “start date.” The Department’s Licensing Division enters the “effective date” as the date that the background check paperwork on an applicant/staff member is received from the facility, this is to verify the correct applicant/staff member whose background check is being processed. The data pulled as part of the audit referenced the “start date” from the Background Check System, which the auditor’s office interpreted as hire date or first date they began work in the facility, which was not accurate.
As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
To strengthen internal controls and documentation, effective April 1, 2023, the Department implemented a corrective action plan for processing background checks for group care facilities in response to the prior audit. Applicant/staff member background check request forms are submitted directly to the Background Check Unit by the facility. The Background Check Unit processes a fingerprint background check, a child abuse/neglect history check, and if applicable, a suitability assessment. The results are then provided to the Licensing Division and the group care facility. If the applicant is cleared, the Licensing Division staff adds the staff member to the group care facility in FamLink. The new “effective date” in FamLink is the final approval from the Background Check Unit. In addition, regional licensors continue to conduct yearly health and safety monitoring visits, which includes a random sample review of personnel files containing background check information.
Foster family homes
As noted in the Background Section of the finding, RCW 26.44.240 does state the Department must immediately remove a child, but the Department is required to recommend removal of the child to the court and receive approval prior to taking action. The court does not always rule in the Department’s favor and the child remains in the placement.
As to the specific exceptions identified, the household that completed fingerprints two days after the required 15 calendar day period was delayed due to one of the applicants last name being misspelled in the system. The applicant was turned away at their fingerprint appointment due to the misspelling causing the delay in the timeline for both members of the household. The applicant notified the Department and once the name was corrected the applicant was able to fingerprint and both applicants in the household received a “no record” result as was reported on their initial National Crime Information Center (NCIC) Code X checks prior to the emergent placement.
Auditor’s Remarks
We appreciate the Department’s commitment to resolving these matters.
The purpose of our testing was to ensure employees had a clear background check prior to them working at the group home facility. We knew that the “start date” from the Background Check System was not the first date an employee began working in the facility. During our review, we did not use the start dates in the system, but instead reviewed supporting documentation to identify the actual start dates when possible. However, the Department was unable to demonstrate whether some employees had clear background checks before working because they did not have the start date of their employment.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code § 671 - State plan for foster care and adoption assistance, specifies the federal requirements for background checks.
RCW 43.43.837, Fingerprint-based checks—Requirements for applicants and service providers—Shared background checks—Fees—Rules to establish financial responsibility.
RCW 26.44.240, Out-of-home care—Emergency placement—Criminal history record check.
Department of Children, Youth, and Families, Policies and Procedures 6800 – Background Checks
2023-069 The Department of Children, Youth, and Families did not have adequate internal controls over reporting requirements for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Requirement: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-051
Background
The purpose of the Foster Care program is to provide safe and stable out-of-home care for children under placement and care authority of state welfare agencies. To accomplish this, the Administration for Children and Families (ACF) in the U.S. Department of Health and Human Services (HHS) offers financial support to states to offset the cost of foster care maintenance for eligible children, administrative costs to manage the program, and training for state agency staff, foster parents and qualified private agency staff. As of June 2023, about 8,000 children were in Washington’s foster care system. In fiscal year 2023, the Department spent almost $140.5 million in federal program funds.
Within 30 days after each fiscal quarter, the Department of Children, Youth, and Families is required to file the CB-496: Title IV-E Programs Quarterly Financial Report with HHS. This report identifies the Department’s Foster Care program expenditures, and the number of children it has served. The ACF relies on the information reported to award funds, determine the allowability of the reported expenditures, and provide reports to Congress.
To complete the CB-496, Department management creates a crosswalk by examining the Department’s chart of accounts and expenditure-codes in relation to HHS’s published CB-496 instructions. This ensures that the reports ran will produce the required information for each line of the CB-496.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program. The prior finding number was 2022-051.
Description of Condition
The Department did not have adequate internal controls over reporting requirements for the Foster Care program.
During our review of all four quarterly crosswalks, we found the Department did not have the correct account coding to report fields correctly. Out of the four quarterly crosswalks, the Department had 117 lines in aggregate, and 12 (10 percent) of the lines were incorrect.
We also reviewed all four reports the Department submitted during the audit period, and we found that all of them contained inaccuracies. In total, the Department overreported its program expenditures by a total of $571,586. The Department also overstated the total number of children receiving foster care benefits by 153.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
When completing the quarterly reports, the Department did not follow HHS’s published instructions. It was found that the Department did not create accurate crosswalks to ensure reports were run properly, and although there was an established review process, the reviews performed were insufficient to detect errors in the reports. Management advised that due to competing priorities and staffing shortages, the Department had limited capacity to thoroughly review the reports before submitting them to HHS.
Effect of Condition
Because HHS uses these reports to determine award amounts and whether reported expenditures are allowable, it may have relied on inaccurate data to make these determinations for the Department. The grant agreement also allows HHS to take action for the Department’s noncompliance, which can include temporarily withholding funds, wholly or partly suspending or terminating the award, and withholding further program awards.
Recommendations
We recommend the Department:
• Follow HHS’s published instructions when completing the quarterly CB-496 reports
• Strengthen its review processes to ensure the reports are accurate and supported before submitting them to HHS
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department acknowledges errors were made in the quarterly reports and crosswalks. The Department partially concurs with the SAO findings. As to the Auditor’s specific findings, the Department offers the following detail:
Quarterly Crosswalks
The Department provided electronic copies of the quarterly crosswalks to SAO for the reporting period being reviewed. During a previous audit SAO recommended that the Department maintain paper copies of the crosswalks and reports to show review and approvals. The paper copies of the crosswalks notated the changes made during the review and approval process for the quarterly reports. Due to staffing and limited time available the paper copies were not reviewed and provided to SAO to clear the exceptions identified above. The incorrect crosswalk information did not have an impact on the accuracy of the data reported.
Inaccurate Reports
SAO stated the Department over reported its program expenditures by a total of $571,586. The Department does not concur with the total amount determine. The FFY22 Quarter 4 report was noted as overstated by $254,721, but the expenditures were correctly reported; however the crosswalk used as reference was documented incorrectly. As stated above the incorrect crosswalk information did not have an impact on the expenditure data reported.
As to the FFY23 Quarter 3 report, the Department has reconciled the data and determined that we over reported by $237,212. The Department will submit a correction to the federal partner during the next reporting period.
The Department will review and strengthen our internal processes in order to complete the quarterly reports accurately.
Auditor’s Remarks
We appreciate the Department’s commitment to strengthening its internal processes to complete the quarterly reports accurately.
Quarterly Crosswalks
Based on our understanding of the process, obtained from the Department, the purpose of the Crosswalks is to create guidelines for accurately completing the CB-496 reports and is one of the key internal controls the Department asserted ensured accuracy of the CB-496 reports. This key internal control was confirmed by the Department on July 26, 2023. During our compliance testing, we noted several exceptions that resulted from the inaccuracy of the crosswalks.
Inaccurate Reports
The instructions on the Crosswalk indicate certain line items should be subtracted to determine the amount to be reported. The instructions provided by the Federal Government for line 7a, In-Placement Administrative Costs – Provider and Agency Management, indicate lines 11a through 14b need to be subtracted. In the crosswalks the Department stated that only Line 13a was subtracted. Therefore, $254,721 more was reported on the CB-496 than instructions indicated.
We reaffirm our finding, and we will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 201, Grants to States for Public Assistance Programs, establishes applicable requirements for form and manner of submittal of the estimates for public assistance grants.
Section 201.5 Grants, states in part:
(a) Form and manner of submittal.
1. Time and place: The estimates for public assistance grants for each quarterly period must be forwarded to the regional office 45 days prior to the period of the estimate. They include a certification of State funds available and a justification statement in support of the estimates. A statement of quarterly expenditures and any necessary supporting schedules must be forwarded to the Department of Health and Human Services, Family Support Administration, not later than 30 days after the end of the quarter.
2. Description of forms: “State Agency Expenditure Projection – Quarterly Projection by Program” represents the State agency’s estimate of the total amount and the Federal share of expenditures for assistance, services, training, and administration to be made during the quarter for each of the public assistance programs under the Act. From these estimates the State and Federal shares of the total expenditures are computed. The State’s computed share of total estimated expenditures is the amount of State and local funds necessary for the quarter. The federal share is the basis for the funds to be advanced for the quarter. The State agency must also certify, on this form or otherwise, the amount of State funds (exclusive of any balance of advances received from the Federal Government) actually on hand and available for expenditure; this certification must be signed by the executive officer of the State agency submitting the estimate or a person officially designated by him, or by a fiscal officer of the State if required by State law or regulation. (A form “Certificate of Availability of State Funds for Assistance and Administration during Quarter” is available for submitting this information, but its use is optional.) If the amount of State funds (or State and local funds if localities participate in the program), shown as available for expenditures is not sufficient to cover the State’s proportionate share of the amount estimated to be expended, the certification must contain a statement showing the source from which the amount of the deficiency is expected to be derived and the time when this amount is expected to be made available.
The State agency must also submit a quarterly statement of expenditures for each of the public assistance programs under the Act. This is an accounting statement of the disposition of the Federal funds granted for past periods and provides the basis for making the adjustments necessary when the State’s estimate for any prior quarter was greater or less than the amount the State actually expended in that quarter. The statement of expenditures also shows the share of the Federal Government in any recoupment, from whatever source, including for title IV-A the appropriate share of child support collections made by the State, of expenditures claimed in a prior period, and also in expenditures not properly subject to Federal financial participation which are acknowledged by the State agency, including the share of the Federal Government for uncashed and cancelled checks as described at 45 CFR 201.67 and replacement checks as described at 45 CFR 201.70 in this part, or which have been revealed in the course of an audit.
2023-065 The Department of Children, Youth, and Families did not have adequate controls over and did not comply with certain requirements of its Public Assistance Cost Allocation Plan.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-047
Background
As a condition of receiving federal grant funds, the Department of Children, Youth, and Families must submit a Public Assistance Cost Allocation Plan (PACAP) to the U.S. Department of Health and Human Services each state fiscal year. The PACAP describes how the Department is authorized to allocate indirect costs like overhead and general administrative expenses to all funding sources, including federal grants.
The Department uses the Cost Allocation System (CAS), a subsystem of the Agency Financial Reporting System (AFRS), to execute its PACAP. The Department develops appropriate methodologies and updates cost allocation base input tables that contain cost objectives, which automatically distribute the cost of payments to either state, local or federal funding sources. The tables in CAS can be added, deleted, changed, or inactivated each calendar month.
As part of its cost allocation process, the Department establishes bases that are used to distribute costs to multiple funding sources. Each base consists of elements that are assigned a percentage that dictates how much of the original payment is allocated to it. For example, a base could be made up of three elements that allocate 35 percent, 25 percent, and 40 percent, respectively, that will total 100 percent. Records of these bases are kept in workbooks that management reviews and approves before they are uploaded or keyed into AFRS for use.
In fiscal year 2023, the Department allocated about $18 million in indirect costs to the Foster Care grant.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate controls over and did not comply with certain requirements of its PACAP. The prior finding number was 2022-047.
Description of Condition
The Department did not have adequate controls over and did not comply with certain requirements of its PACAP. According to the Department’s PACAP, Base 100, which are charges for administrative costs, should be updated monthly with full-time equivalents disbursed to reflect the work that agency staff have performed. This method allows the Department to allocate administrative charges proportionately to the staffing level required to meet the program’s needs.
We examined five monthly workbooks completed during the audit period. We found the Department did not complete a workbook for one month of the audit period (September 2022).
We determined this internal control deficiency to be a material weakness that led to material noncompliance.
Cause of Condition
Management did not assign sufficient staffing resources to ensure all monthly workbooks were completed in accordance with the Department’s approved PACAP.
Effect of Condition
The Department’s inadequate internal controls affected the accuracy of the indirect costs charged to the Foster Care grant. When workbooks are not updated, the Department increases its risk of undercharging or improperly allocating indirect costs to the Foster Care program.
Recommendation
We recommend the Department strengthen internal controls to ensure that monthly workbooks are properly updated in accordance with the approved PACAP.
Department’s Response
The Department concurs with the finding.
The Department did not have adequate staffing levels to maintain the business processes for one workbook for the Public Assistance Cost Allocation Plan (PACAP) cost base 100 for the administrative charges during the state and federal fiscal year close deadlines. Available staff were focused on grant reconciliations and closing out the prior fiscal year financial transactions. The Department is committed to improving our internal controls and has reviewed the base edit form written procedures with staff and added monthly reminders for the Cost Allocation and Grants Management Unit. In addition, the Department has confirmed that all cost base 100 workbooks have been properly completed for state fiscal year 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 95, Subpart E – Cost Allocation Plans, section 95.501, Purpose, states:
(a) Preparation, submission, and approval of State agency cost allocation plans for public assistance programs; and
(b) Adherence to approved cost allocation plans in computing claims for Federal financial participation.
Public Assistance Cost Allocation Plan – Appendix 3 Administrative Costs, Base 100, states in part: FTEs are based on actual months and are reported by funding source. This information is obtained on a monthly basis from the Enterprise Reporting system at DCYF and is used on a rolling period with a one-month lag. For example, the FTEs for July would be used in the September plan.
2023-066 The Department of Children, Youth, and Families did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-048
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds, including about $11.6 million for travel and family visits.
Parent-child visits are a key strategy for minimizing a child’s time in out-of-home care and working toward family reunification. The Department creates a visit plan based on dependency court order visit requirements and other information to ensure the child’s safety. This visit plan is created and saved in a system called FamLink. When the Department needs contracted family time services, it sends a visit plan/referral through a FamLink-Sprout interface. Visit coordinators send this referral to the most appropriate contracted service provider through the Sprout system. These referrals authorize the contracted provider to provide the needed services. After the visit, contracted service providers complete visit reports, which include travel mileage and travel time. Based on these reports and information the contractor enters into the Sprout system, the system creates an invoice based on billable services and rates. To catch errors and ensure quality assurance, Sprout reports and invoices are reviewed and approved by the contracted service provider administrator or manager. The Department pays the provider solely based on the summary-level information entered into Sprout.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure payments to providers for family visits were allowable and adequately supported for the Foster Care program. The prior finding numbers were 2022-048 and 2021-040.
Description of Condition
The Department did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
The Department did not follow its procedures for performing fiscal monitoring of contracted service providers to ensure federally funded payments for travel and family visits were adequately supported and only for allowable activities.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department was unable to fully implement the corrective action plan during the audit period.
Effect of Condition
By not performing adequate fiscal monitoring, the Department cannot ensure payments for travel and family visits are allowable and adequately supported.
Recommendation
We recommend the Department follow its fiscal monitoring procedures to ensure payments to providers for travel and family visits are allowable and adequately supported.
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department did not have the opportunity to fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. There by the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
In April 2023, the Fiscal Integrity Unit, within the Financial and Business Services Division (FBSD), worked with the Child Welfare and Information Technology Divisions to implement the following internal controls:
• Utilized algorithms in the Sprout system to identify reimbursement requests outside of a reasonable amount.
• Required providers to submit additional documentation or explanation for those identified amounts.
• Implemented a re-run process for prior billing periods to eliminate potential double billings by providers.
• Trained headquarters and field office accounting staff to utilize the new algorithms and review additional documentation prior to processing payments.
In August 2023, the Contracts Compliance Team, within the FBSD, hired one new staff dedicated to reviewing all regional client service child welfare contracts including family time visit payments and will hire an additional staff in December 2023. The Contracts Compliance Team developed compliance audit plans for child welfare contracts and began fiscal monitoring of family time visit payments in November 2023.
The Department also required additional review and approvals by program staff for the Network Administrator in Eastern Washington for invoices prior to release of payment. The Department continues to identify and implement regional program approvals for Western Washington providers and implement fiscal monitoring controls to ensure payments to providers for travel and family visits are allowable and adequately supported.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-067 The Department of Children, Youth, and Families did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds, including about $8.6 million for foster care maintenance payments to family foster homes.
These monthly maintenance payments help licensed caregivers (foster parents and licensed kinship caregivers) meet the needs of children and youth experiencing foster care. The Department’s Federal Funding Unit manages each of its Title IV-E foster care cases. Title IV-E Specialists are stationed throughout the state and screen all new foster care cases for Title IV-E Eligibility.
When children or youth are placed in foster care homes, specialists meet with caregivers to discuss the amount of time they spend meeting a child’s needs. To ensure maintenance payments are accurate and allowable, the specialists enter the caregivers’ answers into the Foster Care Rate Assessment tool, which calculates the appropriate reimbursement rate for caregivers’ time spent meeting a child’s needs. Prior to payment, a Department supervisor reviews the rate in a system called FamLink. These reimbursement rates must be reassessed every six months.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
We used a statistical sampling method to randomly select and examine 59 foster care maintenance payments out of a total population of 22,538 made during the audit period. We found that the Department did not perform six-month reviews of the reimbursement rates for five payments.
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management said limitations with the FamLink system prevented the Department from running reports to verify that rate assessments were reviewed timely. Additionally, management did not establish another method to monitor these requirements.
Effect of Condition
By not performing six-month reviews of all reimbursement rates, the Department cannot ensure it provided accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
Recommendation
We recommend the Department establish adequate internal controls to ensure it performs all six-month reviews of caregivers’ reimbursement rates for the Foster Care program.
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department utilizes FamLink as the case management system for Foster Care which due to system limitations did not have the reporting capabilities to track rate setting reviews during the audit period. The Department created a report in FamLink to assist rate assesors in identifying six-month reviews that had not been performed timely. This tool has helped supervisors identify late rate assessments but has not helped them track six-month rate assessment due dates. A request has been submitted to the Department’s Office of Innovation, Alignment, and Accountability to update the report to show when the next rate assessment is due. Until this report update is completed, the supervisors will be performing monthly tracking to assist with internal controls and compliance with reviews.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 110-50-0490, How often do the foster parent and caseworker meet to complete the rate assessment?, states:
The caseworker or designated rate assessment specialist will meet with the foster parent in person or telephonically to complete the assessment:
1.Within thirty days of the child’s placement in the foster parent’s home;
2.At least every six months after the first assessment, except under limited circumstances that serve the best interest of the child; and
When there is a significant change in circumstances for the child or in the foster parent’s ability or time required to meet the child’s needs.
2023-068 The Department of Children, Youth, and Families did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-050
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned to home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for the adults in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
Prospective foster parents and other out-of-home caregivers, as well as any adults residing in the prospective caregivers' households must pass the background check. During an emergency situation when a child must be placed in out-of-home care due to the absence of appropriate parents or custodians, the Department shall request a federal name-based criminal history record check of each adult residing in the home of the potential placement resource. Upon receipt of the results of the name-based check, the Department shall provide a complete set of each adult resident's fingerprints to the Washington state patrol for submission to the federal bureau of investigation within 15 calendar days from the date the name search was conducted. The child shall be removed from the home immediately if any adult resident fails to provide fingerprints and written permission to perform a federal criminal history record check when requested.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds. This included about $33.3 million for payments to providers for direct client services, with $1.4 million paid to licensed group care facilities and $13.3 million paid to foster family homes. State and federal law require background checks for foster family homes and licensed group care facilities.
Licensed group care facilities
Licensed group care facilities are maintained and operated for groups of children on a 24-hour basis to provide safe, healthy living environments that meet the developmental needs of the children in care. These facilities are not permanent homes, but they provide a higher level of care for the foster children who are in them. Before a facility becomes licensed, it must complete an application that the Department reviews to ensure the facility is compliant with licensing requirements. This includes ensuring all people working in the facility have cleared background checks, which is a requirement in state and federal law.
After the initial application, the Department requests the group care facility to provide quarterly reports of new and existing employees to ensure all have cleared background checks before they are allowed unsupervised access to children. To track this, the Department enters employees’ information and the facilities they work at into the FamLink system. FamLink is a service delivery and support system the Department uses to track clients statewide, and management uses it to track service performance and outcomes.
Foster family homes
Prospective foster parents, as well as any adults residing in prospective caregivers’ households, must have satisfactorily met background checks. These checks, including state and federal criminal records and child abuse and neglect central registries, are part of the process of assessing the suitability of these caregivers to provide a safe home for children placed in their care.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure group care facility employees had cleared background checks before having unsupervised access to children. The prior finding number was 2022-050.
Description of Condition
The Department did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Licensed group care facilities
In the prior audit, we found that the Department did not effectively monitor when employees started working in facilities. Without documenting employees’ start date of employment, the Department cannot ensure they had cleared background checks before having unsupervised access to children. We found this internal control weakness still existed in the current audit because the Department was not able to fully implement its corrective action plan during the audit period. We tested a sample of background checks for facility staff to ensure they were performed properly and determined they were.
Foster family homes
We used a statistical sampling method to randomly select and examine 56 out of 493 households whose adult residents required background checks to ensure they were performed properly. We found the Department placed one child in emergent care with two adults who did not receive timely fingerprint checks within the required timeline of 15 calendar days. The adults in the household had their fingerprint checks at 17 days and were determined eligible for foster child placement.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies, but did not fully implement it during the current audit period.
Further, the Department provided a complete set of each adult resident’s fingerprints to the Washington State Patrol two days late.
Effect of Condition
Without documenting employees’ start dates, the Department cannot ensure they have cleared background checks before beginning work. By not adequately monitoring group care facility employees’ start dates, ineligible employees could have unsupervised access to foster care children before they have cleared the required background checks.
In addition, by not obtaining timely fingerprint background checks for emergent placements, children may be in unsafe environments that affect their health and safety.
Recommendations
We recommend the Department:
• Strengthen its internal controls and ensure all group care facility employees have cleared background checks before beginning work
• Ensure it provides the Washington State Patrol with all fingerprint background checks for emergent placements within 15 calendar days from the date the name search was conducted
Department’s Response
The Department is committed to ensuring the health, safety, and well-being of all children in our care. As to the Auditor’s specific findings, the Department partially concurs and offers the following detail:
Licensed group care facilities
As stated in the audit finding section, Description of Condition, all group care facility staff sampled during the audit had a cleared background check prior to working in the facility. While we agree the use of definitions such as “effective date” and “start date” could be misleading, we do not concur the Department did not have adequate internal controls to ensure group care facility employees had cleared background checks before having unsupervised access to children. We are confident that staff who work with children and youth have a cleared background check.
The Department concurs we do not document staff members’ start dates in FamLink. FamLink is used to document background clearance information, but it only allows for one date to be entered as the “effective date.” This “effective date” is imported to the Background Check System as the “start date.” The Department’s Licensing Division enters the “effective date” as the date that the background check paperwork on an applicant/staff member is received from the facility, this is to verify the correct applicant/staff member whose background check is being processed. The data pulled as part of the audit referenced the “start date” from the Background Check System, which the auditor’s office interpreted as hire date or first date they began work in the facility, which was not accurate.
As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
To strengthen internal controls and documentation, effective April 1, 2023, the Department implemented a corrective action plan for processing background checks for group care facilities in response to the prior audit. Applicant/staff member background check request forms are submitted directly to the Background Check Unit by the facility. The Background Check Unit processes a fingerprint background check, a child abuse/neglect history check, and if applicable, a suitability assessment. The results are then provided to the Licensing Division and the group care facility. If the applicant is cleared, the Licensing Division staff adds the staff member to the group care facility in FamLink. The new “effective date” in FamLink is the final approval from the Background Check Unit. In addition, regional licensors continue to conduct yearly health and safety monitoring visits, which includes a random sample review of personnel files containing background check information.
Foster family homes
As noted in the Background Section of the finding, RCW 26.44.240 does state the Department must immediately remove a child, but the Department is required to recommend removal of the child to the court and receive approval prior to taking action. The court does not always rule in the Department’s favor and the child remains in the placement.
As to the specific exceptions identified, the household that completed fingerprints two days after the required 15 calendar day period was delayed due to one of the applicants last name being misspelled in the system. The applicant was turned away at their fingerprint appointment due to the misspelling causing the delay in the timeline for both members of the household. The applicant notified the Department and once the name was corrected the applicant was able to fingerprint and both applicants in the household received a “no record” result as was reported on their initial National Crime Information Center (NCIC) Code X checks prior to the emergent placement.
Auditor’s Remarks
We appreciate the Department’s commitment to resolving these matters.
The purpose of our testing was to ensure employees had a clear background check prior to them working at the group home facility. We knew that the “start date” from the Background Check System was not the first date an employee began working in the facility. During our review, we did not use the start dates in the system, but instead reviewed supporting documentation to identify the actual start dates when possible. However, the Department was unable to demonstrate whether some employees had clear background checks before working because they did not have the start date of their employment.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code § 671 - State plan for foster care and adoption assistance, specifies the federal requirements for background checks.
RCW 43.43.837, Fingerprint-based checks—Requirements for applicants and service providers—Shared background checks—Fees—Rules to establish financial responsibility.
RCW 26.44.240, Out-of-home care—Emergency placement—Criminal history record check.
Department of Children, Youth, and Families, Policies and Procedures 6800 – Background Checks
2023-069 The Department of Children, Youth, and Families did not have adequate internal controls over reporting requirements for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Requirement: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-051
Background
The purpose of the Foster Care program is to provide safe and stable out-of-home care for children under placement and care authority of state welfare agencies. To accomplish this, the Administration for Children and Families (ACF) in the U.S. Department of Health and Human Services (HHS) offers financial support to states to offset the cost of foster care maintenance for eligible children, administrative costs to manage the program, and training for state agency staff, foster parents and qualified private agency staff. As of June 2023, about 8,000 children were in Washington’s foster care system. In fiscal year 2023, the Department spent almost $140.5 million in federal program funds.
Within 30 days after each fiscal quarter, the Department of Children, Youth, and Families is required to file the CB-496: Title IV-E Programs Quarterly Financial Report with HHS. This report identifies the Department’s Foster Care program expenditures, and the number of children it has served. The ACF relies on the information reported to award funds, determine the allowability of the reported expenditures, and provide reports to Congress.
To complete the CB-496, Department management creates a crosswalk by examining the Department’s chart of accounts and expenditure-codes in relation to HHS’s published CB-496 instructions. This ensures that the reports ran will produce the required information for each line of the CB-496.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program. The prior finding number was 2022-051.
Description of Condition
The Department did not have adequate internal controls over reporting requirements for the Foster Care program.
During our review of all four quarterly crosswalks, we found the Department did not have the correct account coding to report fields correctly. Out of the four quarterly crosswalks, the Department had 117 lines in aggregate, and 12 (10 percent) of the lines were incorrect.
We also reviewed all four reports the Department submitted during the audit period, and we found that all of them contained inaccuracies. In total, the Department overreported its program expenditures by a total of $571,586. The Department also overstated the total number of children receiving foster care benefits by 153.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
When completing the quarterly reports, the Department did not follow HHS’s published instructions. It was found that the Department did not create accurate crosswalks to ensure reports were run properly, and although there was an established review process, the reviews performed were insufficient to detect errors in the reports. Management advised that due to competing priorities and staffing shortages, the Department had limited capacity to thoroughly review the reports before submitting them to HHS.
Effect of Condition
Because HHS uses these reports to determine award amounts and whether reported expenditures are allowable, it may have relied on inaccurate data to make these determinations for the Department. The grant agreement also allows HHS to take action for the Department’s noncompliance, which can include temporarily withholding funds, wholly or partly suspending or terminating the award, and withholding further program awards.
Recommendations
We recommend the Department:
• Follow HHS’s published instructions when completing the quarterly CB-496 reports
• Strengthen its review processes to ensure the reports are accurate and supported before submitting them to HHS
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department acknowledges errors were made in the quarterly reports and crosswalks. The Department partially concurs with the SAO findings. As to the Auditor’s specific findings, the Department offers the following detail:
Quarterly Crosswalks
The Department provided electronic copies of the quarterly crosswalks to SAO for the reporting period being reviewed. During a previous audit SAO recommended that the Department maintain paper copies of the crosswalks and reports to show review and approvals. The paper copies of the crosswalks notated the changes made during the review and approval process for the quarterly reports. Due to staffing and limited time available the paper copies were not reviewed and provided to SAO to clear the exceptions identified above. The incorrect crosswalk information did not have an impact on the accuracy of the data reported.
Inaccurate Reports
SAO stated the Department over reported its program expenditures by a total of $571,586. The Department does not concur with the total amount determine. The FFY22 Quarter 4 report was noted as overstated by $254,721, but the expenditures were correctly reported; however the crosswalk used as reference was documented incorrectly. As stated above the incorrect crosswalk information did not have an impact on the expenditure data reported.
As to the FFY23 Quarter 3 report, the Department has reconciled the data and determined that we over reported by $237,212. The Department will submit a correction to the federal partner during the next reporting period.
The Department will review and strengthen our internal processes in order to complete the quarterly reports accurately.
Auditor’s Remarks
We appreciate the Department’s commitment to strengthening its internal processes to complete the quarterly reports accurately.
Quarterly Crosswalks
Based on our understanding of the process, obtained from the Department, the purpose of the Crosswalks is to create guidelines for accurately completing the CB-496 reports and is one of the key internal controls the Department asserted ensured accuracy of the CB-496 reports. This key internal control was confirmed by the Department on July 26, 2023. During our compliance testing, we noted several exceptions that resulted from the inaccuracy of the crosswalks.
Inaccurate Reports
The instructions on the Crosswalk indicate certain line items should be subtracted to determine the amount to be reported. The instructions provided by the Federal Government for line 7a, In-Placement Administrative Costs – Provider and Agency Management, indicate lines 11a through 14b need to be subtracted. In the crosswalks the Department stated that only Line 13a was subtracted. Therefore, $254,721 more was reported on the CB-496 than instructions indicated.
We reaffirm our finding, and we will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 201, Grants to States for Public Assistance Programs, establishes applicable requirements for form and manner of submittal of the estimates for public assistance grants.
Section 201.5 Grants, states in part:
(a) Form and manner of submittal.
1. Time and place: The estimates for public assistance grants for each quarterly period must be forwarded to the regional office 45 days prior to the period of the estimate. They include a certification of State funds available and a justification statement in support of the estimates. A statement of quarterly expenditures and any necessary supporting schedules must be forwarded to the Department of Health and Human Services, Family Support Administration, not later than 30 days after the end of the quarter.
2. Description of forms: “State Agency Expenditure Projection – Quarterly Projection by Program” represents the State agency’s estimate of the total amount and the Federal share of expenditures for assistance, services, training, and administration to be made during the quarter for each of the public assistance programs under the Act. From these estimates the State and Federal shares of the total expenditures are computed. The State’s computed share of total estimated expenditures is the amount of State and local funds necessary for the quarter. The federal share is the basis for the funds to be advanced for the quarter. The State agency must also certify, on this form or otherwise, the amount of State funds (exclusive of any balance of advances received from the Federal Government) actually on hand and available for expenditure; this certification must be signed by the executive officer of the State agency submitting the estimate or a person officially designated by him, or by a fiscal officer of the State if required by State law or regulation. (A form “Certificate of Availability of State Funds for Assistance and Administration during Quarter” is available for submitting this information, but its use is optional.) If the amount of State funds (or State and local funds if localities participate in the program), shown as available for expenditures is not sufficient to cover the State’s proportionate share of the amount estimated to be expended, the certification must contain a statement showing the source from which the amount of the deficiency is expected to be derived and the time when this amount is expected to be made available.
The State agency must also submit a quarterly statement of expenditures for each of the public assistance programs under the Act. This is an accounting statement of the disposition of the Federal funds granted for past periods and provides the basis for making the adjustments necessary when the State’s estimate for any prior quarter was greater or less than the amount the State actually expended in that quarter. The statement of expenditures also shows the share of the Federal Government in any recoupment, from whatever source, including for title IV-A the appropriate share of child support collections made by the State, of expenditures claimed in a prior period, and also in expenditures not properly subject to Federal financial participation which are acknowledged by the State agency, including the share of the Federal Government for uncashed and cancelled checks as described at 45 CFR 201.67 and replacement checks as described at 45 CFR 201.70 in this part, or which have been revealed in the course of an audit.
2023-065 The Department of Children, Youth, and Families did not have adequate controls over and did not comply with certain requirements of its Public Assistance Cost Allocation Plan.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-047
Background
As a condition of receiving federal grant funds, the Department of Children, Youth, and Families must submit a Public Assistance Cost Allocation Plan (PACAP) to the U.S. Department of Health and Human Services each state fiscal year. The PACAP describes how the Department is authorized to allocate indirect costs like overhead and general administrative expenses to all funding sources, including federal grants.
The Department uses the Cost Allocation System (CAS), a subsystem of the Agency Financial Reporting System (AFRS), to execute its PACAP. The Department develops appropriate methodologies and updates cost allocation base input tables that contain cost objectives, which automatically distribute the cost of payments to either state, local or federal funding sources. The tables in CAS can be added, deleted, changed, or inactivated each calendar month.
As part of its cost allocation process, the Department establishes bases that are used to distribute costs to multiple funding sources. Each base consists of elements that are assigned a percentage that dictates how much of the original payment is allocated to it. For example, a base could be made up of three elements that allocate 35 percent, 25 percent, and 40 percent, respectively, that will total 100 percent. Records of these bases are kept in workbooks that management reviews and approves before they are uploaded or keyed into AFRS for use.
In fiscal year 2023, the Department allocated about $18 million in indirect costs to the Foster Care grant.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate controls over and did not comply with certain requirements of its PACAP. The prior finding number was 2022-047.
Description of Condition
The Department did not have adequate controls over and did not comply with certain requirements of its PACAP. According to the Department’s PACAP, Base 100, which are charges for administrative costs, should be updated monthly with full-time equivalents disbursed to reflect the work that agency staff have performed. This method allows the Department to allocate administrative charges proportionately to the staffing level required to meet the program’s needs.
We examined five monthly workbooks completed during the audit period. We found the Department did not complete a workbook for one month of the audit period (September 2022).
We determined this internal control deficiency to be a material weakness that led to material noncompliance.
Cause of Condition
Management did not assign sufficient staffing resources to ensure all monthly workbooks were completed in accordance with the Department’s approved PACAP.
Effect of Condition
The Department’s inadequate internal controls affected the accuracy of the indirect costs charged to the Foster Care grant. When workbooks are not updated, the Department increases its risk of undercharging or improperly allocating indirect costs to the Foster Care program.
Recommendation
We recommend the Department strengthen internal controls to ensure that monthly workbooks are properly updated in accordance with the approved PACAP.
Department’s Response
The Department concurs with the finding.
The Department did not have adequate staffing levels to maintain the business processes for one workbook for the Public Assistance Cost Allocation Plan (PACAP) cost base 100 for the administrative charges during the state and federal fiscal year close deadlines. Available staff were focused on grant reconciliations and closing out the prior fiscal year financial transactions. The Department is committed to improving our internal controls and has reviewed the base edit form written procedures with staff and added monthly reminders for the Cost Allocation and Grants Management Unit. In addition, the Department has confirmed that all cost base 100 workbooks have been properly completed for state fiscal year 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 95, Subpart E – Cost Allocation Plans, section 95.501, Purpose, states:
(a) Preparation, submission, and approval of State agency cost allocation plans for public assistance programs; and
(b) Adherence to approved cost allocation plans in computing claims for Federal financial participation.
Public Assistance Cost Allocation Plan – Appendix 3 Administrative Costs, Base 100, states in part: FTEs are based on actual months and are reported by funding source. This information is obtained on a monthly basis from the Enterprise Reporting system at DCYF and is used on a rolling period with a one-month lag. For example, the FTEs for July would be used in the September plan.
2023-066 The Department of Children, Youth, and Families did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-048
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds, including about $11.6 million for travel and family visits.
Parent-child visits are a key strategy for minimizing a child’s time in out-of-home care and working toward family reunification. The Department creates a visit plan based on dependency court order visit requirements and other information to ensure the child’s safety. This visit plan is created and saved in a system called FamLink. When the Department needs contracted family time services, it sends a visit plan/referral through a FamLink-Sprout interface. Visit coordinators send this referral to the most appropriate contracted service provider through the Sprout system. These referrals authorize the contracted provider to provide the needed services. After the visit, contracted service providers complete visit reports, which include travel mileage and travel time. Based on these reports and information the contractor enters into the Sprout system, the system creates an invoice based on billable services and rates. To catch errors and ensure quality assurance, Sprout reports and invoices are reviewed and approved by the contracted service provider administrator or manager. The Department pays the provider solely based on the summary-level information entered into Sprout.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure payments to providers for family visits were allowable and adequately supported for the Foster Care program. The prior finding numbers were 2022-048 and 2021-040.
Description of Condition
The Department did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
The Department did not follow its procedures for performing fiscal monitoring of contracted service providers to ensure federally funded payments for travel and family visits were adequately supported and only for allowable activities.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department was unable to fully implement the corrective action plan during the audit period.
Effect of Condition
By not performing adequate fiscal monitoring, the Department cannot ensure payments for travel and family visits are allowable and adequately supported.
Recommendation
We recommend the Department follow its fiscal monitoring procedures to ensure payments to providers for travel and family visits are allowable and adequately supported.
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department did not have the opportunity to fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. There by the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
In April 2023, the Fiscal Integrity Unit, within the Financial and Business Services Division (FBSD), worked with the Child Welfare and Information Technology Divisions to implement the following internal controls:
• Utilized algorithms in the Sprout system to identify reimbursement requests outside of a reasonable amount.
• Required providers to submit additional documentation or explanation for those identified amounts.
• Implemented a re-run process for prior billing periods to eliminate potential double billings by providers.
• Trained headquarters and field office accounting staff to utilize the new algorithms and review additional documentation prior to processing payments.
In August 2023, the Contracts Compliance Team, within the FBSD, hired one new staff dedicated to reviewing all regional client service child welfare contracts including family time visit payments and will hire an additional staff in December 2023. The Contracts Compliance Team developed compliance audit plans for child welfare contracts and began fiscal monitoring of family time visit payments in November 2023.
The Department also required additional review and approvals by program staff for the Network Administrator in Eastern Washington for invoices prior to release of payment. The Department continues to identify and implement regional program approvals for Western Washington providers and implement fiscal monitoring controls to ensure payments to providers for travel and family visits are allowable and adequately supported.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-067 The Department of Children, Youth, and Families did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds, including about $8.6 million for foster care maintenance payments to family foster homes.
These monthly maintenance payments help licensed caregivers (foster parents and licensed kinship caregivers) meet the needs of children and youth experiencing foster care. The Department’s Federal Funding Unit manages each of its Title IV-E foster care cases. Title IV-E Specialists are stationed throughout the state and screen all new foster care cases for Title IV-E Eligibility.
When children or youth are placed in foster care homes, specialists meet with caregivers to discuss the amount of time they spend meeting a child’s needs. To ensure maintenance payments are accurate and allowable, the specialists enter the caregivers’ answers into the Foster Care Rate Assessment tool, which calculates the appropriate reimbursement rate for caregivers’ time spent meeting a child’s needs. Prior to payment, a Department supervisor reviews the rate in a system called FamLink. These reimbursement rates must be reassessed every six months.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
We used a statistical sampling method to randomly select and examine 59 foster care maintenance payments out of a total population of 22,538 made during the audit period. We found that the Department did not perform six-month reviews of the reimbursement rates for five payments.
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management said limitations with the FamLink system prevented the Department from running reports to verify that rate assessments were reviewed timely. Additionally, management did not establish another method to monitor these requirements.
Effect of Condition
By not performing six-month reviews of all reimbursement rates, the Department cannot ensure it provided accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
Recommendation
We recommend the Department establish adequate internal controls to ensure it performs all six-month reviews of caregivers’ reimbursement rates for the Foster Care program.
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department utilizes FamLink as the case management system for Foster Care which due to system limitations did not have the reporting capabilities to track rate setting reviews during the audit period. The Department created a report in FamLink to assist rate assesors in identifying six-month reviews that had not been performed timely. This tool has helped supervisors identify late rate assessments but has not helped them track six-month rate assessment due dates. A request has been submitted to the Department’s Office of Innovation, Alignment, and Accountability to update the report to show when the next rate assessment is due. Until this report update is completed, the supervisors will be performing monthly tracking to assist with internal controls and compliance with reviews.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 110-50-0490, How often do the foster parent and caseworker meet to complete the rate assessment?, states:
The caseworker or designated rate assessment specialist will meet with the foster parent in person or telephonically to complete the assessment:
1.Within thirty days of the child’s placement in the foster parent’s home;
2.At least every six months after the first assessment, except under limited circumstances that serve the best interest of the child; and
When there is a significant change in circumstances for the child or in the foster parent’s ability or time required to meet the child’s needs.
2023-068 The Department of Children, Youth, and Families did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-050
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned to home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for the adults in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
Prospective foster parents and other out-of-home caregivers, as well as any adults residing in the prospective caregivers' households must pass the background check. During an emergency situation when a child must be placed in out-of-home care due to the absence of appropriate parents or custodians, the Department shall request a federal name-based criminal history record check of each adult residing in the home of the potential placement resource. Upon receipt of the results of the name-based check, the Department shall provide a complete set of each adult resident's fingerprints to the Washington state patrol for submission to the federal bureau of investigation within 15 calendar days from the date the name search was conducted. The child shall be removed from the home immediately if any adult resident fails to provide fingerprints and written permission to perform a federal criminal history record check when requested.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds. This included about $33.3 million for payments to providers for direct client services, with $1.4 million paid to licensed group care facilities and $13.3 million paid to foster family homes. State and federal law require background checks for foster family homes and licensed group care facilities.
Licensed group care facilities
Licensed group care facilities are maintained and operated for groups of children on a 24-hour basis to provide safe, healthy living environments that meet the developmental needs of the children in care. These facilities are not permanent homes, but they provide a higher level of care for the foster children who are in them. Before a facility becomes licensed, it must complete an application that the Department reviews to ensure the facility is compliant with licensing requirements. This includes ensuring all people working in the facility have cleared background checks, which is a requirement in state and federal law.
After the initial application, the Department requests the group care facility to provide quarterly reports of new and existing employees to ensure all have cleared background checks before they are allowed unsupervised access to children. To track this, the Department enters employees’ information and the facilities they work at into the FamLink system. FamLink is a service delivery and support system the Department uses to track clients statewide, and management uses it to track service performance and outcomes.
Foster family homes
Prospective foster parents, as well as any adults residing in prospective caregivers’ households, must have satisfactorily met background checks. These checks, including state and federal criminal records and child abuse and neglect central registries, are part of the process of assessing the suitability of these caregivers to provide a safe home for children placed in their care.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure group care facility employees had cleared background checks before having unsupervised access to children. The prior finding number was 2022-050.
Description of Condition
The Department did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Licensed group care facilities
In the prior audit, we found that the Department did not effectively monitor when employees started working in facilities. Without documenting employees’ start date of employment, the Department cannot ensure they had cleared background checks before having unsupervised access to children. We found this internal control weakness still existed in the current audit because the Department was not able to fully implement its corrective action plan during the audit period. We tested a sample of background checks for facility staff to ensure they were performed properly and determined they were.
Foster family homes
We used a statistical sampling method to randomly select and examine 56 out of 493 households whose adult residents required background checks to ensure they were performed properly. We found the Department placed one child in emergent care with two adults who did not receive timely fingerprint checks within the required timeline of 15 calendar days. The adults in the household had their fingerprint checks at 17 days and were determined eligible for foster child placement.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies, but did not fully implement it during the current audit period.
Further, the Department provided a complete set of each adult resident’s fingerprints to the Washington State Patrol two days late.
Effect of Condition
Without documenting employees’ start dates, the Department cannot ensure they have cleared background checks before beginning work. By not adequately monitoring group care facility employees’ start dates, ineligible employees could have unsupervised access to foster care children before they have cleared the required background checks.
In addition, by not obtaining timely fingerprint background checks for emergent placements, children may be in unsafe environments that affect their health and safety.
Recommendations
We recommend the Department:
• Strengthen its internal controls and ensure all group care facility employees have cleared background checks before beginning work
• Ensure it provides the Washington State Patrol with all fingerprint background checks for emergent placements within 15 calendar days from the date the name search was conducted
Department’s Response
The Department is committed to ensuring the health, safety, and well-being of all children in our care. As to the Auditor’s specific findings, the Department partially concurs and offers the following detail:
Licensed group care facilities
As stated in the audit finding section, Description of Condition, all group care facility staff sampled during the audit had a cleared background check prior to working in the facility. While we agree the use of definitions such as “effective date” and “start date” could be misleading, we do not concur the Department did not have adequate internal controls to ensure group care facility employees had cleared background checks before having unsupervised access to children. We are confident that staff who work with children and youth have a cleared background check.
The Department concurs we do not document staff members’ start dates in FamLink. FamLink is used to document background clearance information, but it only allows for one date to be entered as the “effective date.” This “effective date” is imported to the Background Check System as the “start date.” The Department’s Licensing Division enters the “effective date” as the date that the background check paperwork on an applicant/staff member is received from the facility, this is to verify the correct applicant/staff member whose background check is being processed. The data pulled as part of the audit referenced the “start date” from the Background Check System, which the auditor’s office interpreted as hire date or first date they began work in the facility, which was not accurate.
As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
To strengthen internal controls and documentation, effective April 1, 2023, the Department implemented a corrective action plan for processing background checks for group care facilities in response to the prior audit. Applicant/staff member background check request forms are submitted directly to the Background Check Unit by the facility. The Background Check Unit processes a fingerprint background check, a child abuse/neglect history check, and if applicable, a suitability assessment. The results are then provided to the Licensing Division and the group care facility. If the applicant is cleared, the Licensing Division staff adds the staff member to the group care facility in FamLink. The new “effective date” in FamLink is the final approval from the Background Check Unit. In addition, regional licensors continue to conduct yearly health and safety monitoring visits, which includes a random sample review of personnel files containing background check information.
Foster family homes
As noted in the Background Section of the finding, RCW 26.44.240 does state the Department must immediately remove a child, but the Department is required to recommend removal of the child to the court and receive approval prior to taking action. The court does not always rule in the Department’s favor and the child remains in the placement.
As to the specific exceptions identified, the household that completed fingerprints two days after the required 15 calendar day period was delayed due to one of the applicants last name being misspelled in the system. The applicant was turned away at their fingerprint appointment due to the misspelling causing the delay in the timeline for both members of the household. The applicant notified the Department and once the name was corrected the applicant was able to fingerprint and both applicants in the household received a “no record” result as was reported on their initial National Crime Information Center (NCIC) Code X checks prior to the emergent placement.
Auditor’s Remarks
We appreciate the Department’s commitment to resolving these matters.
The purpose of our testing was to ensure employees had a clear background check prior to them working at the group home facility. We knew that the “start date” from the Background Check System was not the first date an employee began working in the facility. During our review, we did not use the start dates in the system, but instead reviewed supporting documentation to identify the actual start dates when possible. However, the Department was unable to demonstrate whether some employees had clear background checks before working because they did not have the start date of their employment.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code § 671 - State plan for foster care and adoption assistance, specifies the federal requirements for background checks.
RCW 43.43.837, Fingerprint-based checks—Requirements for applicants and service providers—Shared background checks—Fees—Rules to establish financial responsibility.
RCW 26.44.240, Out-of-home care—Emergency placement—Criminal history record check.
Department of Children, Youth, and Families, Policies and Procedures 6800 – Background Checks
2023-069 The Department of Children, Youth, and Families did not have adequate internal controls over reporting requirements for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Requirement: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-051
Background
The purpose of the Foster Care program is to provide safe and stable out-of-home care for children under placement and care authority of state welfare agencies. To accomplish this, the Administration for Children and Families (ACF) in the U.S. Department of Health and Human Services (HHS) offers financial support to states to offset the cost of foster care maintenance for eligible children, administrative costs to manage the program, and training for state agency staff, foster parents and qualified private agency staff. As of June 2023, about 8,000 children were in Washington’s foster care system. In fiscal year 2023, the Department spent almost $140.5 million in federal program funds.
Within 30 days after each fiscal quarter, the Department of Children, Youth, and Families is required to file the CB-496: Title IV-E Programs Quarterly Financial Report with HHS. This report identifies the Department’s Foster Care program expenditures, and the number of children it has served. The ACF relies on the information reported to award funds, determine the allowability of the reported expenditures, and provide reports to Congress.
To complete the CB-496, Department management creates a crosswalk by examining the Department’s chart of accounts and expenditure-codes in relation to HHS’s published CB-496 instructions. This ensures that the reports ran will produce the required information for each line of the CB-496.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program. The prior finding number was 2022-051.
Description of Condition
The Department did not have adequate internal controls over reporting requirements for the Foster Care program.
During our review of all four quarterly crosswalks, we found the Department did not have the correct account coding to report fields correctly. Out of the four quarterly crosswalks, the Department had 117 lines in aggregate, and 12 (10 percent) of the lines were incorrect.
We also reviewed all four reports the Department submitted during the audit period, and we found that all of them contained inaccuracies. In total, the Department overreported its program expenditures by a total of $571,586. The Department also overstated the total number of children receiving foster care benefits by 153.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
When completing the quarterly reports, the Department did not follow HHS’s published instructions. It was found that the Department did not create accurate crosswalks to ensure reports were run properly, and although there was an established review process, the reviews performed were insufficient to detect errors in the reports. Management advised that due to competing priorities and staffing shortages, the Department had limited capacity to thoroughly review the reports before submitting them to HHS.
Effect of Condition
Because HHS uses these reports to determine award amounts and whether reported expenditures are allowable, it may have relied on inaccurate data to make these determinations for the Department. The grant agreement also allows HHS to take action for the Department’s noncompliance, which can include temporarily withholding funds, wholly or partly suspending or terminating the award, and withholding further program awards.
Recommendations
We recommend the Department:
• Follow HHS’s published instructions when completing the quarterly CB-496 reports
• Strengthen its review processes to ensure the reports are accurate and supported before submitting them to HHS
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department acknowledges errors were made in the quarterly reports and crosswalks. The Department partially concurs with the SAO findings. As to the Auditor’s specific findings, the Department offers the following detail:
Quarterly Crosswalks
The Department provided electronic copies of the quarterly crosswalks to SAO for the reporting period being reviewed. During a previous audit SAO recommended that the Department maintain paper copies of the crosswalks and reports to show review and approvals. The paper copies of the crosswalks notated the changes made during the review and approval process for the quarterly reports. Due to staffing and limited time available the paper copies were not reviewed and provided to SAO to clear the exceptions identified above. The incorrect crosswalk information did not have an impact on the accuracy of the data reported.
Inaccurate Reports
SAO stated the Department over reported its program expenditures by a total of $571,586. The Department does not concur with the total amount determine. The FFY22 Quarter 4 report was noted as overstated by $254,721, but the expenditures were correctly reported; however the crosswalk used as reference was documented incorrectly. As stated above the incorrect crosswalk information did not have an impact on the expenditure data reported.
As to the FFY23 Quarter 3 report, the Department has reconciled the data and determined that we over reported by $237,212. The Department will submit a correction to the federal partner during the next reporting period.
The Department will review and strengthen our internal processes in order to complete the quarterly reports accurately.
Auditor’s Remarks
We appreciate the Department’s commitment to strengthening its internal processes to complete the quarterly reports accurately.
Quarterly Crosswalks
Based on our understanding of the process, obtained from the Department, the purpose of the Crosswalks is to create guidelines for accurately completing the CB-496 reports and is one of the key internal controls the Department asserted ensured accuracy of the CB-496 reports. This key internal control was confirmed by the Department on July 26, 2023. During our compliance testing, we noted several exceptions that resulted from the inaccuracy of the crosswalks.
Inaccurate Reports
The instructions on the Crosswalk indicate certain line items should be subtracted to determine the amount to be reported. The instructions provided by the Federal Government for line 7a, In-Placement Administrative Costs – Provider and Agency Management, indicate lines 11a through 14b need to be subtracted. In the crosswalks the Department stated that only Line 13a was subtracted. Therefore, $254,721 more was reported on the CB-496 than instructions indicated.
We reaffirm our finding, and we will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 201, Grants to States for Public Assistance Programs, establishes applicable requirements for form and manner of submittal of the estimates for public assistance grants.
Section 201.5 Grants, states in part:
(a) Form and manner of submittal.
1. Time and place: The estimates for public assistance grants for each quarterly period must be forwarded to the regional office 45 days prior to the period of the estimate. They include a certification of State funds available and a justification statement in support of the estimates. A statement of quarterly expenditures and any necessary supporting schedules must be forwarded to the Department of Health and Human Services, Family Support Administration, not later than 30 days after the end of the quarter.
2. Description of forms: “State Agency Expenditure Projection – Quarterly Projection by Program” represents the State agency’s estimate of the total amount and the Federal share of expenditures for assistance, services, training, and administration to be made during the quarter for each of the public assistance programs under the Act. From these estimates the State and Federal shares of the total expenditures are computed. The State’s computed share of total estimated expenditures is the amount of State and local funds necessary for the quarter. The federal share is the basis for the funds to be advanced for the quarter. The State agency must also certify, on this form or otherwise, the amount of State funds (exclusive of any balance of advances received from the Federal Government) actually on hand and available for expenditure; this certification must be signed by the executive officer of the State agency submitting the estimate or a person officially designated by him, or by a fiscal officer of the State if required by State law or regulation. (A form “Certificate of Availability of State Funds for Assistance and Administration during Quarter” is available for submitting this information, but its use is optional.) If the amount of State funds (or State and local funds if localities participate in the program), shown as available for expenditures is not sufficient to cover the State’s proportionate share of the amount estimated to be expended, the certification must contain a statement showing the source from which the amount of the deficiency is expected to be derived and the time when this amount is expected to be made available.
The State agency must also submit a quarterly statement of expenditures for each of the public assistance programs under the Act. This is an accounting statement of the disposition of the Federal funds granted for past periods and provides the basis for making the adjustments necessary when the State’s estimate for any prior quarter was greater or less than the amount the State actually expended in that quarter. The statement of expenditures also shows the share of the Federal Government in any recoupment, from whatever source, including for title IV-A the appropriate share of child support collections made by the State, of expenditures claimed in a prior period, and also in expenditures not properly subject to Federal financial participation which are acknowledged by the State agency, including the share of the Federal Government for uncashed and cancelled checks as described at 45 CFR 201.67 and replacement checks as described at 45 CFR 201.70 in this part, or which have been revealed in the course of an audit.
2023-065 The Department of Children, Youth, and Families did not have adequate controls over and did not comply with certain requirements of its Public Assistance Cost Allocation Plan.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-047
Background
As a condition of receiving federal grant funds, the Department of Children, Youth, and Families must submit a Public Assistance Cost Allocation Plan (PACAP) to the U.S. Department of Health and Human Services each state fiscal year. The PACAP describes how the Department is authorized to allocate indirect costs like overhead and general administrative expenses to all funding sources, including federal grants.
The Department uses the Cost Allocation System (CAS), a subsystem of the Agency Financial Reporting System (AFRS), to execute its PACAP. The Department develops appropriate methodologies and updates cost allocation base input tables that contain cost objectives, which automatically distribute the cost of payments to either state, local or federal funding sources. The tables in CAS can be added, deleted, changed, or inactivated each calendar month.
As part of its cost allocation process, the Department establishes bases that are used to distribute costs to multiple funding sources. Each base consists of elements that are assigned a percentage that dictates how much of the original payment is allocated to it. For example, a base could be made up of three elements that allocate 35 percent, 25 percent, and 40 percent, respectively, that will total 100 percent. Records of these bases are kept in workbooks that management reviews and approves before they are uploaded or keyed into AFRS for use.
In fiscal year 2023, the Department allocated about $18 million in indirect costs to the Foster Care grant.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate controls over and did not comply with certain requirements of its PACAP. The prior finding number was 2022-047.
Description of Condition
The Department did not have adequate controls over and did not comply with certain requirements of its PACAP. According to the Department’s PACAP, Base 100, which are charges for administrative costs, should be updated monthly with full-time equivalents disbursed to reflect the work that agency staff have performed. This method allows the Department to allocate administrative charges proportionately to the staffing level required to meet the program’s needs.
We examined five monthly workbooks completed during the audit period. We found the Department did not complete a workbook for one month of the audit period (September 2022).
We determined this internal control deficiency to be a material weakness that led to material noncompliance.
Cause of Condition
Management did not assign sufficient staffing resources to ensure all monthly workbooks were completed in accordance with the Department’s approved PACAP.
Effect of Condition
The Department’s inadequate internal controls affected the accuracy of the indirect costs charged to the Foster Care grant. When workbooks are not updated, the Department increases its risk of undercharging or improperly allocating indirect costs to the Foster Care program.
Recommendation
We recommend the Department strengthen internal controls to ensure that monthly workbooks are properly updated in accordance with the approved PACAP.
Department’s Response
The Department concurs with the finding.
The Department did not have adequate staffing levels to maintain the business processes for one workbook for the Public Assistance Cost Allocation Plan (PACAP) cost base 100 for the administrative charges during the state and federal fiscal year close deadlines. Available staff were focused on grant reconciliations and closing out the prior fiscal year financial transactions. The Department is committed to improving our internal controls and has reviewed the base edit form written procedures with staff and added monthly reminders for the Cost Allocation and Grants Management Unit. In addition, the Department has confirmed that all cost base 100 workbooks have been properly completed for state fiscal year 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 95, Subpart E – Cost Allocation Plans, section 95.501, Purpose, states:
(a) Preparation, submission, and approval of State agency cost allocation plans for public assistance programs; and
(b) Adherence to approved cost allocation plans in computing claims for Federal financial participation.
Public Assistance Cost Allocation Plan – Appendix 3 Administrative Costs, Base 100, states in part: FTEs are based on actual months and are reported by funding source. This information is obtained on a monthly basis from the Enterprise Reporting system at DCYF and is used on a rolling period with a one-month lag. For example, the FTEs for July would be used in the September plan.
2023-066 The Department of Children, Youth, and Families did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-048
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds, including about $11.6 million for travel and family visits.
Parent-child visits are a key strategy for minimizing a child’s time in out-of-home care and working toward family reunification. The Department creates a visit plan based on dependency court order visit requirements and other information to ensure the child’s safety. This visit plan is created and saved in a system called FamLink. When the Department needs contracted family time services, it sends a visit plan/referral through a FamLink-Sprout interface. Visit coordinators send this referral to the most appropriate contracted service provider through the Sprout system. These referrals authorize the contracted provider to provide the needed services. After the visit, contracted service providers complete visit reports, which include travel mileage and travel time. Based on these reports and information the contractor enters into the Sprout system, the system creates an invoice based on billable services and rates. To catch errors and ensure quality assurance, Sprout reports and invoices are reviewed and approved by the contracted service provider administrator or manager. The Department pays the provider solely based on the summary-level information entered into Sprout.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure payments to providers for family visits were allowable and adequately supported for the Foster Care program. The prior finding numbers were 2022-048 and 2021-040.
Description of Condition
The Department did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
The Department did not follow its procedures for performing fiscal monitoring of contracted service providers to ensure federally funded payments for travel and family visits were adequately supported and only for allowable activities.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department was unable to fully implement the corrective action plan during the audit period.
Effect of Condition
By not performing adequate fiscal monitoring, the Department cannot ensure payments for travel and family visits are allowable and adequately supported.
Recommendation
We recommend the Department follow its fiscal monitoring procedures to ensure payments to providers for travel and family visits are allowable and adequately supported.
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department did not have the opportunity to fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. There by the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
In April 2023, the Fiscal Integrity Unit, within the Financial and Business Services Division (FBSD), worked with the Child Welfare and Information Technology Divisions to implement the following internal controls:
• Utilized algorithms in the Sprout system to identify reimbursement requests outside of a reasonable amount.
• Required providers to submit additional documentation or explanation for those identified amounts.
• Implemented a re-run process for prior billing periods to eliminate potential double billings by providers.
• Trained headquarters and field office accounting staff to utilize the new algorithms and review additional documentation prior to processing payments.
In August 2023, the Contracts Compliance Team, within the FBSD, hired one new staff dedicated to reviewing all regional client service child welfare contracts including family time visit payments and will hire an additional staff in December 2023. The Contracts Compliance Team developed compliance audit plans for child welfare contracts and began fiscal monitoring of family time visit payments in November 2023.
The Department also required additional review and approvals by program staff for the Network Administrator in Eastern Washington for invoices prior to release of payment. The Department continues to identify and implement regional program approvals for Western Washington providers and implement fiscal monitoring controls to ensure payments to providers for travel and family visits are allowable and adequately supported.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-067 The Department of Children, Youth, and Families did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds, including about $8.6 million for foster care maintenance payments to family foster homes.
These monthly maintenance payments help licensed caregivers (foster parents and licensed kinship caregivers) meet the needs of children and youth experiencing foster care. The Department’s Federal Funding Unit manages each of its Title IV-E foster care cases. Title IV-E Specialists are stationed throughout the state and screen all new foster care cases for Title IV-E Eligibility.
When children or youth are placed in foster care homes, specialists meet with caregivers to discuss the amount of time they spend meeting a child’s needs. To ensure maintenance payments are accurate and allowable, the specialists enter the caregivers’ answers into the Foster Care Rate Assessment tool, which calculates the appropriate reimbursement rate for caregivers’ time spent meeting a child’s needs. Prior to payment, a Department supervisor reviews the rate in a system called FamLink. These reimbursement rates must be reassessed every six months.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
We used a statistical sampling method to randomly select and examine 59 foster care maintenance payments out of a total population of 22,538 made during the audit period. We found that the Department did not perform six-month reviews of the reimbursement rates for five payments.
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management said limitations with the FamLink system prevented the Department from running reports to verify that rate assessments were reviewed timely. Additionally, management did not establish another method to monitor these requirements.
Effect of Condition
By not performing six-month reviews of all reimbursement rates, the Department cannot ensure it provided accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
Recommendation
We recommend the Department establish adequate internal controls to ensure it performs all six-month reviews of caregivers’ reimbursement rates for the Foster Care program.
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department utilizes FamLink as the case management system for Foster Care which due to system limitations did not have the reporting capabilities to track rate setting reviews during the audit period. The Department created a report in FamLink to assist rate assesors in identifying six-month reviews that had not been performed timely. This tool has helped supervisors identify late rate assessments but has not helped them track six-month rate assessment due dates. A request has been submitted to the Department’s Office of Innovation, Alignment, and Accountability to update the report to show when the next rate assessment is due. Until this report update is completed, the supervisors will be performing monthly tracking to assist with internal controls and compliance with reviews.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 110-50-0490, How often do the foster parent and caseworker meet to complete the rate assessment?, states:
The caseworker or designated rate assessment specialist will meet with the foster parent in person or telephonically to complete the assessment:
1.Within thirty days of the child’s placement in the foster parent’s home;
2.At least every six months after the first assessment, except under limited circumstances that serve the best interest of the child; and
When there is a significant change in circumstances for the child or in the foster parent’s ability or time required to meet the child’s needs.
2023-068 The Department of Children, Youth, and Families did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-050
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned to home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for the adults in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
Prospective foster parents and other out-of-home caregivers, as well as any adults residing in the prospective caregivers' households must pass the background check. During an emergency situation when a child must be placed in out-of-home care due to the absence of appropriate parents or custodians, the Department shall request a federal name-based criminal history record check of each adult residing in the home of the potential placement resource. Upon receipt of the results of the name-based check, the Department shall provide a complete set of each adult resident's fingerprints to the Washington state patrol for submission to the federal bureau of investigation within 15 calendar days from the date the name search was conducted. The child shall be removed from the home immediately if any adult resident fails to provide fingerprints and written permission to perform a federal criminal history record check when requested.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds. This included about $33.3 million for payments to providers for direct client services, with $1.4 million paid to licensed group care facilities and $13.3 million paid to foster family homes. State and federal law require background checks for foster family homes and licensed group care facilities.
Licensed group care facilities
Licensed group care facilities are maintained and operated for groups of children on a 24-hour basis to provide safe, healthy living environments that meet the developmental needs of the children in care. These facilities are not permanent homes, but they provide a higher level of care for the foster children who are in them. Before a facility becomes licensed, it must complete an application that the Department reviews to ensure the facility is compliant with licensing requirements. This includes ensuring all people working in the facility have cleared background checks, which is a requirement in state and federal law.
After the initial application, the Department requests the group care facility to provide quarterly reports of new and existing employees to ensure all have cleared background checks before they are allowed unsupervised access to children. To track this, the Department enters employees’ information and the facilities they work at into the FamLink system. FamLink is a service delivery and support system the Department uses to track clients statewide, and management uses it to track service performance and outcomes.
Foster family homes
Prospective foster parents, as well as any adults residing in prospective caregivers’ households, must have satisfactorily met background checks. These checks, including state and federal criminal records and child abuse and neglect central registries, are part of the process of assessing the suitability of these caregivers to provide a safe home for children placed in their care.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure group care facility employees had cleared background checks before having unsupervised access to children. The prior finding number was 2022-050.
Description of Condition
The Department did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Licensed group care facilities
In the prior audit, we found that the Department did not effectively monitor when employees started working in facilities. Without documenting employees’ start date of employment, the Department cannot ensure they had cleared background checks before having unsupervised access to children. We found this internal control weakness still existed in the current audit because the Department was not able to fully implement its corrective action plan during the audit period. We tested a sample of background checks for facility staff to ensure they were performed properly and determined they were.
Foster family homes
We used a statistical sampling method to randomly select and examine 56 out of 493 households whose adult residents required background checks to ensure they were performed properly. We found the Department placed one child in emergent care with two adults who did not receive timely fingerprint checks within the required timeline of 15 calendar days. The adults in the household had their fingerprint checks at 17 days and were determined eligible for foster child placement.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies, but did not fully implement it during the current audit period.
Further, the Department provided a complete set of each adult resident’s fingerprints to the Washington State Patrol two days late.
Effect of Condition
Without documenting employees’ start dates, the Department cannot ensure they have cleared background checks before beginning work. By not adequately monitoring group care facility employees’ start dates, ineligible employees could have unsupervised access to foster care children before they have cleared the required background checks.
In addition, by not obtaining timely fingerprint background checks for emergent placements, children may be in unsafe environments that affect their health and safety.
Recommendations
We recommend the Department:
• Strengthen its internal controls and ensure all group care facility employees have cleared background checks before beginning work
• Ensure it provides the Washington State Patrol with all fingerprint background checks for emergent placements within 15 calendar days from the date the name search was conducted
Department’s Response
The Department is committed to ensuring the health, safety, and well-being of all children in our care. As to the Auditor’s specific findings, the Department partially concurs and offers the following detail:
Licensed group care facilities
As stated in the audit finding section, Description of Condition, all group care facility staff sampled during the audit had a cleared background check prior to working in the facility. While we agree the use of definitions such as “effective date” and “start date” could be misleading, we do not concur the Department did not have adequate internal controls to ensure group care facility employees had cleared background checks before having unsupervised access to children. We are confident that staff who work with children and youth have a cleared background check.
The Department concurs we do not document staff members’ start dates in FamLink. FamLink is used to document background clearance information, but it only allows for one date to be entered as the “effective date.” This “effective date” is imported to the Background Check System as the “start date.” The Department’s Licensing Division enters the “effective date” as the date that the background check paperwork on an applicant/staff member is received from the facility, this is to verify the correct applicant/staff member whose background check is being processed. The data pulled as part of the audit referenced the “start date” from the Background Check System, which the auditor’s office interpreted as hire date or first date they began work in the facility, which was not accurate.
As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
To strengthen internal controls and documentation, effective April 1, 2023, the Department implemented a corrective action plan for processing background checks for group care facilities in response to the prior audit. Applicant/staff member background check request forms are submitted directly to the Background Check Unit by the facility. The Background Check Unit processes a fingerprint background check, a child abuse/neglect history check, and if applicable, a suitability assessment. The results are then provided to the Licensing Division and the group care facility. If the applicant is cleared, the Licensing Division staff adds the staff member to the group care facility in FamLink. The new “effective date” in FamLink is the final approval from the Background Check Unit. In addition, regional licensors continue to conduct yearly health and safety monitoring visits, which includes a random sample review of personnel files containing background check information.
Foster family homes
As noted in the Background Section of the finding, RCW 26.44.240 does state the Department must immediately remove a child, but the Department is required to recommend removal of the child to the court and receive approval prior to taking action. The court does not always rule in the Department’s favor and the child remains in the placement.
As to the specific exceptions identified, the household that completed fingerprints two days after the required 15 calendar day period was delayed due to one of the applicants last name being misspelled in the system. The applicant was turned away at their fingerprint appointment due to the misspelling causing the delay in the timeline for both members of the household. The applicant notified the Department and once the name was corrected the applicant was able to fingerprint and both applicants in the household received a “no record” result as was reported on their initial National Crime Information Center (NCIC) Code X checks prior to the emergent placement.
Auditor’s Remarks
We appreciate the Department’s commitment to resolving these matters.
The purpose of our testing was to ensure employees had a clear background check prior to them working at the group home facility. We knew that the “start date” from the Background Check System was not the first date an employee began working in the facility. During our review, we did not use the start dates in the system, but instead reviewed supporting documentation to identify the actual start dates when possible. However, the Department was unable to demonstrate whether some employees had clear background checks before working because they did not have the start date of their employment.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code § 671 - State plan for foster care and adoption assistance, specifies the federal requirements for background checks.
RCW 43.43.837, Fingerprint-based checks—Requirements for applicants and service providers—Shared background checks—Fees—Rules to establish financial responsibility.
RCW 26.44.240, Out-of-home care—Emergency placement—Criminal history record check.
Department of Children, Youth, and Families, Policies and Procedures 6800 – Background Checks
2023-069 The Department of Children, Youth, and Families did not have adequate internal controls over reporting requirements for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Requirement: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-051
Background
The purpose of the Foster Care program is to provide safe and stable out-of-home care for children under placement and care authority of state welfare agencies. To accomplish this, the Administration for Children and Families (ACF) in the U.S. Department of Health and Human Services (HHS) offers financial support to states to offset the cost of foster care maintenance for eligible children, administrative costs to manage the program, and training for state agency staff, foster parents and qualified private agency staff. As of June 2023, about 8,000 children were in Washington’s foster care system. In fiscal year 2023, the Department spent almost $140.5 million in federal program funds.
Within 30 days after each fiscal quarter, the Department of Children, Youth, and Families is required to file the CB-496: Title IV-E Programs Quarterly Financial Report with HHS. This report identifies the Department’s Foster Care program expenditures, and the number of children it has served. The ACF relies on the information reported to award funds, determine the allowability of the reported expenditures, and provide reports to Congress.
To complete the CB-496, Department management creates a crosswalk by examining the Department’s chart of accounts and expenditure-codes in relation to HHS’s published CB-496 instructions. This ensures that the reports ran will produce the required information for each line of the CB-496.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program. The prior finding number was 2022-051.
Description of Condition
The Department did not have adequate internal controls over reporting requirements for the Foster Care program.
During our review of all four quarterly crosswalks, we found the Department did not have the correct account coding to report fields correctly. Out of the four quarterly crosswalks, the Department had 117 lines in aggregate, and 12 (10 percent) of the lines were incorrect.
We also reviewed all four reports the Department submitted during the audit period, and we found that all of them contained inaccuracies. In total, the Department overreported its program expenditures by a total of $571,586. The Department also overstated the total number of children receiving foster care benefits by 153.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
When completing the quarterly reports, the Department did not follow HHS’s published instructions. It was found that the Department did not create accurate crosswalks to ensure reports were run properly, and although there was an established review process, the reviews performed were insufficient to detect errors in the reports. Management advised that due to competing priorities and staffing shortages, the Department had limited capacity to thoroughly review the reports before submitting them to HHS.
Effect of Condition
Because HHS uses these reports to determine award amounts and whether reported expenditures are allowable, it may have relied on inaccurate data to make these determinations for the Department. The grant agreement also allows HHS to take action for the Department’s noncompliance, which can include temporarily withholding funds, wholly or partly suspending or terminating the award, and withholding further program awards.
Recommendations
We recommend the Department:
• Follow HHS’s published instructions when completing the quarterly CB-496 reports
• Strengthen its review processes to ensure the reports are accurate and supported before submitting them to HHS
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department acknowledges errors were made in the quarterly reports and crosswalks. The Department partially concurs with the SAO findings. As to the Auditor’s specific findings, the Department offers the following detail:
Quarterly Crosswalks
The Department provided electronic copies of the quarterly crosswalks to SAO for the reporting period being reviewed. During a previous audit SAO recommended that the Department maintain paper copies of the crosswalks and reports to show review and approvals. The paper copies of the crosswalks notated the changes made during the review and approval process for the quarterly reports. Due to staffing and limited time available the paper copies were not reviewed and provided to SAO to clear the exceptions identified above. The incorrect crosswalk information did not have an impact on the accuracy of the data reported.
Inaccurate Reports
SAO stated the Department over reported its program expenditures by a total of $571,586. The Department does not concur with the total amount determine. The FFY22 Quarter 4 report was noted as overstated by $254,721, but the expenditures were correctly reported; however the crosswalk used as reference was documented incorrectly. As stated above the incorrect crosswalk information did not have an impact on the expenditure data reported.
As to the FFY23 Quarter 3 report, the Department has reconciled the data and determined that we over reported by $237,212. The Department will submit a correction to the federal partner during the next reporting period.
The Department will review and strengthen our internal processes in order to complete the quarterly reports accurately.
Auditor’s Remarks
We appreciate the Department’s commitment to strengthening its internal processes to complete the quarterly reports accurately.
Quarterly Crosswalks
Based on our understanding of the process, obtained from the Department, the purpose of the Crosswalks is to create guidelines for accurately completing the CB-496 reports and is one of the key internal controls the Department asserted ensured accuracy of the CB-496 reports. This key internal control was confirmed by the Department on July 26, 2023. During our compliance testing, we noted several exceptions that resulted from the inaccuracy of the crosswalks.
Inaccurate Reports
The instructions on the Crosswalk indicate certain line items should be subtracted to determine the amount to be reported. The instructions provided by the Federal Government for line 7a, In-Placement Administrative Costs – Provider and Agency Management, indicate lines 11a through 14b need to be subtracted. In the crosswalks the Department stated that only Line 13a was subtracted. Therefore, $254,721 more was reported on the CB-496 than instructions indicated.
We reaffirm our finding, and we will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 201, Grants to States for Public Assistance Programs, establishes applicable requirements for form and manner of submittal of the estimates for public assistance grants.
Section 201.5 Grants, states in part:
(a) Form and manner of submittal.
1. Time and place: The estimates for public assistance grants for each quarterly period must be forwarded to the regional office 45 days prior to the period of the estimate. They include a certification of State funds available and a justification statement in support of the estimates. A statement of quarterly expenditures and any necessary supporting schedules must be forwarded to the Department of Health and Human Services, Family Support Administration, not later than 30 days after the end of the quarter.
2. Description of forms: “State Agency Expenditure Projection – Quarterly Projection by Program” represents the State agency’s estimate of the total amount and the Federal share of expenditures for assistance, services, training, and administration to be made during the quarter for each of the public assistance programs under the Act. From these estimates the State and Federal shares of the total expenditures are computed. The State’s computed share of total estimated expenditures is the amount of State and local funds necessary for the quarter. The federal share is the basis for the funds to be advanced for the quarter. The State agency must also certify, on this form or otherwise, the amount of State funds (exclusive of any balance of advances received from the Federal Government) actually on hand and available for expenditure; this certification must be signed by the executive officer of the State agency submitting the estimate or a person officially designated by him, or by a fiscal officer of the State if required by State law or regulation. (A form “Certificate of Availability of State Funds for Assistance and Administration during Quarter” is available for submitting this information, but its use is optional.) If the amount of State funds (or State and local funds if localities participate in the program), shown as available for expenditures is not sufficient to cover the State’s proportionate share of the amount estimated to be expended, the certification must contain a statement showing the source from which the amount of the deficiency is expected to be derived and the time when this amount is expected to be made available.
The State agency must also submit a quarterly statement of expenditures for each of the public assistance programs under the Act. This is an accounting statement of the disposition of the Federal funds granted for past periods and provides the basis for making the adjustments necessary when the State’s estimate for any prior quarter was greater or less than the amount the State actually expended in that quarter. The statement of expenditures also shows the share of the Federal Government in any recoupment, from whatever source, including for title IV-A the appropriate share of child support collections made by the State, of expenditures claimed in a prior period, and also in expenditures not properly subject to Federal financial participation which are acknowledged by the State agency, including the share of the Federal Government for uncashed and cancelled checks as described at 45 CFR 201.67 and replacement checks as described at 45 CFR 201.70 in this part, or which have been revealed in the course of an audit.
2023-070 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the Social Services Block Grant.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2202WASOSR; 2302WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $8,518,020
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth, and young adults for case management, foster care, protective services, transportation, childcare and other services, such as child welfare services, intake and assessment, crisis counseling, family reconciliation, and licensing staff. In fiscal year 2023, the Department spent about $45.8 million in federal funding. Of this amount, the Department paid about $19.8 million to providers for direct client services.
SSBG gave the Department broad flexibility to design and administer the program based on its approved plan. The Department used the SSBG Pre-Expenditure Report and Intended Use Plan approved by the federal partner to identify activities eligible for the SSBG program. Payments to the providers were initially incurred for other programs and then transferred to the SSBG program to align with the amounts allocated in the Pre-Expenditure Report. The Department periodically processed journal vouchers to make these transfers.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the SSBG.
Department management said it used the approved SSBG Pre-Expenditure Report and Intended Use Plan to identify eligible activities initially charged to the Foster Care program, then periodically transferred them to the SSBG grant to align with the Pre-Expenditure Report. The Department also said management performed a monthly reconciliation to verify the expenditures were for allowable activities and within the period of performance.
During our testing, we found the Department used the Pre-Expenditure report to identify eligible activities for the SSBG program and transferred funds accordingly. However, we found the Department did not perform monthly reconciliations to verify these expenditures were for allowable activities and within the period of performance.
We examined the Department’s accounting records to determine if payments the Department transferred to the SSBG program were for activities that were allowable, authorized, accurate and supported. We identified total provider payments of $19,767,744 that were transferred to the SSBG program during fiscal year 2023. We analyzed provider payments and requested the Department verify whether it could provide adequate level of expenditure so we could determine whether payments were allowable and supported. Based on our analysis and confirmation from the Department, we categorized the total expenditures into two categories, which are identified in the table below.
Provider payments for which the Department provided an adequate level of support
We used a statistical sampling method to randomly select and examine 118 out of a total sampling population of 16,006 payments. We also selected and examined two individually significant items.
We reviewed the supporting documentation, description of activities, and payment approvals. We found the payments were for activities that were supported, allowable, authorized and accurate.
Provider payments for which the Department could not provide an adequate level of support
We were unable to perform testing on 1,102 payments totaling $8,518,020 because the Department was only able to provide summary level information. The Department was unable to provide an adequate level of support for us to determine whether the costs were for activities that were allowable, authorized, and within the period of performance.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Due to staffing vacancies during the fiscal year, the Department did not perform monthly reconciliations to verify the expenditures were for allowable activities and within the period of performance.
In addition, the Department processed expenditure transfers at the grant level. As a result, the Department could not provide adequate level of expenditure for 43 percent of payments to providers charged to the SSBG program. Therefore, we could not determine whether the payments transferred to SSBG were accurate, for allowable activities, and incurred during the period of performance.
Effect of Condition and Questioned Costs
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit some of the federal dollars it transferred to SSBG.
We are questioning $8,518,020 in federal program costs the Department charged to the SSBG program during the audit period. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure the funds it transfers to SSBG are supported by transaction-level support sufficient to comply with federal law
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the State Auditor’s Office (SAO) for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department maintains that funds were not improperly charged to the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The expenditures were allowable and within the period of performance. Cost objectives within the accounting system are used to track SSBG funding. Expenditures eligible for the SSBG grant are transferred at the cost objective level and not the transaction level.
The SAO tested a sample of 16,006 payments which totaled 94% of total provider payments charged to the grant. SAO found that all payments were for activities that were supported, allowable, authorized, and accurate. SAO did not test the remaining payments, which totaled 6% of the total provider payment charged to the grant, because the transfer of expenditures were not complete at the transaction level for those payments. Those remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data.
Auditor’s Remarks
The Department stated that we tested 94 percent of total provider payments charged to the grant. However, this is not accurate. We randomly selected 118 provider payments, using a statistical sampling method, that came from a population that made up 57 percent of the total amount paid to providers. We were not able to perform testing for 43 percent of the total amount paid to providers because the Department could not provide an adequate level of support for the payments.
The level of documentation needed to support grant expenditures is not established by our office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to perform tests to verify the remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
a. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures appliable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-071 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure cash draws for the Social Services Block Grant were properly supported.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2022WASOSR; 2302WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Cash Management
Known Questioned Cost Amount: $1,504,566
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth, and young adults for case management, foster care, protective services, transportation, childcare and other services, such as child welfare services, intake and assessment, crisis counseling, family reconciliation, and licensing staff. In fiscal year 2023, the Department spent about $45.8 million in federal funding.
SSBG gave the Department broad flexibility to design and administer the program based on its approved SSBG Pre-Expenditure Report and Intended Use Plan. Expenditures the Department charged to SSBG during the audit period were activities initially incurred for other programs and transferred to the SSBG program to align with the amounts allocated in the Pre-Expenditure Report.
The Department uses the Grant Management System (GMS) to calculate draws for SSBG. GMS automatically uploads federal grant expenditures and revenues nightly from the Agency Financial Reporting System (AFRS), and it calculates cash draws on a semi-monthly basis, or as needed. GMS automatically calculates the federal grant cash draw amount by deducting revenues drawn to date from year-to-date expenditures. The Department periodically processed journal vouchers to transfer eligible expenditures to SSBG. In fiscal year 2023, the Department prepared draws twice per month on a reimbursement basis.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure cash draws for the SSBG were properly supported.
Department management said a supervisor reviewed expenditure reports from AFRS and the GMS system to ensure the cash draw for the period was supported, accurate and included expenditures incurred year to date. Management then reviewed the cash draw to ensure it was supported and accurate before requesting it.
We used a non-statistical sampling method to randomly select and examine five out of a total population of 10 cash draws to determine if they were supported by accounting records. We found one cash draw that the Department made on January 10, 2023, where the GMS-calculated draw amount was negative $4,495,434. Instead of returning the overdrawn funds, the Department made a drawdown for $1,504,566 by manually adjusting the current draw amount to be $6 million in GMS. This draw was based on the Department’s estimate that it had sufficient eligible expenditures. However, the Department did not identify eligible expenditures, and did not process an accounting adjustment to transfer eligible expenditures into SSBG until February 9, 2023, one month after the cash draw was made. We determined that management had reviewed and approved this draw, but it was not supported or accurate.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department identified $4,495,434 in costs that had been improperly charged to the SSBG grant, and then moved them to a different funding source in the accounting system on December 13, 2022, and December 22, 2022. Management estimated the Department had sufficient eligible expenditures in the accounting system to support the overdrawn amount, as well as an additional $1,504,566 cash draw. However, due to competing priorities and staffing issues, the Department did not identify eligible expenditures and transfer them to SSBG before making the draw.
Effect of Condition and Questioned Costs
By not reviewing expenditure reports, the Department could not verify whether it had sufficient eligible expenditures in the accounting system to support the draw. In addition, by not transferring eligible expenditures to the SSBG program timely, the cash drawdown was not supported by expenditures in the accounting system.
We are questioning the $1,504,566 cash draw because we cannot determine whether the manual adjustment of $6 million was for eligible costs for the SSBG program, as the Department was unable to provide an adequate level of expenditure to determine whether the costs were supported.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it only draws federal funds if they are supported in the accounting system
• Ensure management does not bypass established internal controls
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the State Auditor’s Office (SAO) for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department maintains that funds were not improperly charged or overdrawn for the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The expenditures drawn were allowable and within the period of performance. Cost objectives within the accounting system are used to track SSBG funding and then allowable charges are transferred to a different accounting code prior to the draws. The unit supervisor reviewed the cost objectives to verify available expenditures had been charged to support the grant draw. For the one draw in question the grant analyst was out of the office and due to a staffing shortage the transfer of expenditures was completed after the draw.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data.
Auditor’s Remarks
We thank the Department for acknowledging the reconciliation of the draw amount questioned was not performed timely.
The level of documentation needed to support grant expenditures is not established by our office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to verify whether the $6 million transfer to the SSBG grant was allowable and supported.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
a. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures appliable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
Title 45 CFR Part 96.32, Financial Settlement, states: The State must repay to the Department amounts found after audit resolution to have been expended improperly. In the event that repayment is not made voluntarily, the Department will undertake recovery.
Title 31 CFR Part 205.33, How are funds transfers processed?, states in part:
a. A State must minimize the time between the drawdown of Federal funds from the Federal government and their disbursement for Federal program purposes. A Federal Program Agency must limit a funds transfer to a State to the minimum amounts needed by the State and must time the disbursement to be in accord with the actual, immediate cash requirements of the State in carrying out a Federal assistance program or project. The timing and amount of funds transfers must be as close as is administratively feasible to a State’s actual cash outlay for direct program costs and the proportionate share of any allowable indirect costs. States should exercise sound cash management in funds transfers to subgrantees in accordance with OMB Circular A–102 (For availability, see 5 CFR 1310.3.).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-072 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the Social Services Block Grant program.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2202WASOSR; 2302WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth, and young adults for case management, foster care, protective services, transportation, childcare and other services, such as child welfare services, intake and assessment, crisis counseling, family reconciliation, and licensing staff. In fiscal year 2023, the Department spent about $45.8 million in federal funding.
The Department is required to submit annual SF-425 financial reports for each open SSBG grant. These reports contain information such as the federal grant number, the recipient organization, grant period, reporting period end date, and a summary of expenditures and revenues related to the grant during the reporting period.
The Department is also required to submit annual SSBG Post-Expenditure reports that describe how the Department expended its SSBG grant for each fiscal year. These reports include information such as:
1. The number of eligible people who received services that were fully or partially paid for with SSBG funds.
2. The amount of SSBG funds spent on providing each service.
3. The method(s) by which each service was provided, showing separately for each service provided by public agencies, private agencies, or both.
4. The criteria applied in determining eligibility for each service, such as income eligibility guidelines, sliding fee scales, the effect of public assistance benefits, and any requirements for enrollment in school or training programs.
5. The state’s definition of “child,” “adult,” and “family.”
6. Temporary Assistance for Needy Families funds transferred into SSBG
In its approved state plan, the Department has broad flexibility to design and administer the SSBG program. The Department used the SSBG Pre-Expenditure Report and Intended Use Plan approved by the federal partner to identify activities eligible for the SSBG program. Most of the expenditures charged to the SSBG program were initially incurred for other programs and transferred to the SSBG program. The Department periodically processed accounting adjustments to make these transfers.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the SSBG program.
Financial Reporting – SF-425
We selected and examined the two SF-425 reports that the Department was required to submit in state fiscal year 2023. During the audit period, the Department processed expenditure transfers at the grant level. As a result, the Department did not identify the specific transactions, or provide the required level of supporting documentation, for 43 percent of payments to providers that were charged to the SSBG program. These transactions represented 18 percent of total SSBG expenditures. Therefore, we could not rely on the data supporting the Department’s reported SF-425 expenditures and could not determine if the reports were accurate and complete. This condition is also referenced in audit finding 2023-070.
Performance Reporting – Post-Expenditure Report
Department personnel said they reviewed and approved the Post-Expenditure Report workbook before the information was uploaded into the SSBG portal to ensure the data was complete and accurate. Department personnel then reviewed and approved the Post-Expenditure Report in the SSBG portal to ensure it was complete and accurate before management performed a final review, certified the report, and submitted it.
We selected and examined the only SSBG Post-Expenditure Report that the Department was required to submit during the audit period. We found no documented evidence that the appropriate Department personnel reviewed the Post-Expenditure Report Workbook and the SSBG Post-Expenditure Report for accuracy and completeness before management completed the final review and certification of the report.
The unsupported SF-425 expenditures identified above were also included in this report. Therefore, we could not rely on the data supporting the expenditures reported in the Department’s SSBG Post-Expenditure report and could not determine if it was accurate and complete.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management said it did not review the Post-Expenditure Report Workbook and SSBG Post-Expenditure Report due to a lack of staffing.
The Department processed expenditure transfers at the grant level and made accounting adjustments without identifying the actual payments that were used to support those adjustments.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure that expenditure amounts reported to the grantor are complete and accurate.
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible to audit some of the federal dollars it transferred to SSBG and reported on the SF-425 financial report and the SSBG Post-Expenditure report.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that management reviews reports along with supporting expenditure and revenue data to ensure completeness and accuracy
• Design and implement internal controls to ensure financial and program reports are supported with an adequate level of detail
Department’s Response
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the State Auditor’s Office (SAO) for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department maintains that funds were not improperly charged to the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The Department provided the SAO with detailed expenditure data reports and email documentation of management reviews of the expenditures being charged to the SSBG grant and changes being requested prior to submission. Management reviewed the expenditure data prior to certifying and submitting the reports in the federal reporting system verifying the requested changes were made. The federal reporting system creates an email after certification which the Department shared with the SAO. The Department was unable to provide email communication between staff and management related to the approval of the changes requested as documentation of the final approval prior to management certifying the report in the federal system as requested by SAO.
SAO stated in the cause of condition that the Department processed expenditure transfers at the grant level and made accounting adjustments without identifying the actual payments. The SAO tested a sample of 16,006 payments which totaled 94% of total provider payments charged to the grant. SAO found that all payments were for activities that were supported, allowable, authorized, and accurate. SAO did not test the remaining payments, which totaled 6% of the total provider payment charged to the grant, because the transfer of expenditures were not complete at the transaction level for those payments. Those remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data.
Auditor’s Remarks
The Department stated that we tested 94 percent of total provider payments charged to the grant. However, this is not accurate. We randomly selected 118 provider payments, using a statistical sampling method, that came from a population that made up 57 percent of the total amount paid to providers. We were not able to perform testing for 43 percent of the total amount paid to providers because the Department could not provide an adequate level of support for the payments.
The level of documentation needed to support grant expenditures is not established by our office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to perform tests to verify the remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
A. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures appliable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
Title 45 CFR Part 96.74, Annual Reporting Requirements, establishes the reporting requirements for the Pre-Expenditure and Post-Expenditure program reports.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-070 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the Social Services Block Grant.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2202WASOSR; 2302WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $8,518,020
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth, and young adults for case management, foster care, protective services, transportation, childcare and other services, such as child welfare services, intake and assessment, crisis counseling, family reconciliation, and licensing staff. In fiscal year 2023, the Department spent about $45.8 million in federal funding. Of this amount, the Department paid about $19.8 million to providers for direct client services.
SSBG gave the Department broad flexibility to design and administer the program based on its approved plan. The Department used the SSBG Pre-Expenditure Report and Intended Use Plan approved by the federal partner to identify activities eligible for the SSBG program. Payments to the providers were initially incurred for other programs and then transferred to the SSBG program to align with the amounts allocated in the Pre-Expenditure Report. The Department periodically processed journal vouchers to make these transfers.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the SSBG.
Department management said it used the approved SSBG Pre-Expenditure Report and Intended Use Plan to identify eligible activities initially charged to the Foster Care program, then periodically transferred them to the SSBG grant to align with the Pre-Expenditure Report. The Department also said management performed a monthly reconciliation to verify the expenditures were for allowable activities and within the period of performance.
During our testing, we found the Department used the Pre-Expenditure report to identify eligible activities for the SSBG program and transferred funds accordingly. However, we found the Department did not perform monthly reconciliations to verify these expenditures were for allowable activities and within the period of performance.
We examined the Department’s accounting records to determine if payments the Department transferred to the SSBG program were for activities that were allowable, authorized, accurate and supported. We identified total provider payments of $19,767,744 that were transferred to the SSBG program during fiscal year 2023. We analyzed provider payments and requested the Department verify whether it could provide adequate level of expenditure so we could determine whether payments were allowable and supported. Based on our analysis and confirmation from the Department, we categorized the total expenditures into two categories, which are identified in the table below.
Provider payments for which the Department provided an adequate level of support
We used a statistical sampling method to randomly select and examine 118 out of a total sampling population of 16,006 payments. We also selected and examined two individually significant items.
We reviewed the supporting documentation, description of activities, and payment approvals. We found the payments were for activities that were supported, allowable, authorized and accurate.
Provider payments for which the Department could not provide an adequate level of support
We were unable to perform testing on 1,102 payments totaling $8,518,020 because the Department was only able to provide summary level information. The Department was unable to provide an adequate level of support for us to determine whether the costs were for activities that were allowable, authorized, and within the period of performance.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Due to staffing vacancies during the fiscal year, the Department did not perform monthly reconciliations to verify the expenditures were for allowable activities and within the period of performance.
In addition, the Department processed expenditure transfers at the grant level. As a result, the Department could not provide adequate level of expenditure for 43 percent of payments to providers charged to the SSBG program. Therefore, we could not determine whether the payments transferred to SSBG were accurate, for allowable activities, and incurred during the period of performance.
Effect of Condition and Questioned Costs
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit some of the federal dollars it transferred to SSBG.
We are questioning $8,518,020 in federal program costs the Department charged to the SSBG program during the audit period. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure the funds it transfers to SSBG are supported by transaction-level support sufficient to comply with federal law
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the State Auditor’s Office (SAO) for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department maintains that funds were not improperly charged to the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The expenditures were allowable and within the period of performance. Cost objectives within the accounting system are used to track SSBG funding. Expenditures eligible for the SSBG grant are transferred at the cost objective level and not the transaction level.
The SAO tested a sample of 16,006 payments which totaled 94% of total provider payments charged to the grant. SAO found that all payments were for activities that were supported, allowable, authorized, and accurate. SAO did not test the remaining payments, which totaled 6% of the total provider payment charged to the grant, because the transfer of expenditures were not complete at the transaction level for those payments. Those remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data.
Auditor’s Remarks
The Department stated that we tested 94 percent of total provider payments charged to the grant. However, this is not accurate. We randomly selected 118 provider payments, using a statistical sampling method, that came from a population that made up 57 percent of the total amount paid to providers. We were not able to perform testing for 43 percent of the total amount paid to providers because the Department could not provide an adequate level of support for the payments.
The level of documentation needed to support grant expenditures is not established by our office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to perform tests to verify the remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
a. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures appliable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-071 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure cash draws for the Social Services Block Grant were properly supported.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2022WASOSR; 2302WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Cash Management
Known Questioned Cost Amount: $1,504,566
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth, and young adults for case management, foster care, protective services, transportation, childcare and other services, such as child welfare services, intake and assessment, crisis counseling, family reconciliation, and licensing staff. In fiscal year 2023, the Department spent about $45.8 million in federal funding.
SSBG gave the Department broad flexibility to design and administer the program based on its approved SSBG Pre-Expenditure Report and Intended Use Plan. Expenditures the Department charged to SSBG during the audit period were activities initially incurred for other programs and transferred to the SSBG program to align with the amounts allocated in the Pre-Expenditure Report.
The Department uses the Grant Management System (GMS) to calculate draws for SSBG. GMS automatically uploads federal grant expenditures and revenues nightly from the Agency Financial Reporting System (AFRS), and it calculates cash draws on a semi-monthly basis, or as needed. GMS automatically calculates the federal grant cash draw amount by deducting revenues drawn to date from year-to-date expenditures. The Department periodically processed journal vouchers to transfer eligible expenditures to SSBG. In fiscal year 2023, the Department prepared draws twice per month on a reimbursement basis.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure cash draws for the SSBG were properly supported.
Department management said a supervisor reviewed expenditure reports from AFRS and the GMS system to ensure the cash draw for the period was supported, accurate and included expenditures incurred year to date. Management then reviewed the cash draw to ensure it was supported and accurate before requesting it.
We used a non-statistical sampling method to randomly select and examine five out of a total population of 10 cash draws to determine if they were supported by accounting records. We found one cash draw that the Department made on January 10, 2023, where the GMS-calculated draw amount was negative $4,495,434. Instead of returning the overdrawn funds, the Department made a drawdown for $1,504,566 by manually adjusting the current draw amount to be $6 million in GMS. This draw was based on the Department’s estimate that it had sufficient eligible expenditures. However, the Department did not identify eligible expenditures, and did not process an accounting adjustment to transfer eligible expenditures into SSBG until February 9, 2023, one month after the cash draw was made. We determined that management had reviewed and approved this draw, but it was not supported or accurate.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department identified $4,495,434 in costs that had been improperly charged to the SSBG grant, and then moved them to a different funding source in the accounting system on December 13, 2022, and December 22, 2022. Management estimated the Department had sufficient eligible expenditures in the accounting system to support the overdrawn amount, as well as an additional $1,504,566 cash draw. However, due to competing priorities and staffing issues, the Department did not identify eligible expenditures and transfer them to SSBG before making the draw.
Effect of Condition and Questioned Costs
By not reviewing expenditure reports, the Department could not verify whether it had sufficient eligible expenditures in the accounting system to support the draw. In addition, by not transferring eligible expenditures to the SSBG program timely, the cash drawdown was not supported by expenditures in the accounting system.
We are questioning the $1,504,566 cash draw because we cannot determine whether the manual adjustment of $6 million was for eligible costs for the SSBG program, as the Department was unable to provide an adequate level of expenditure to determine whether the costs were supported.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it only draws federal funds if they are supported in the accounting system
• Ensure management does not bypass established internal controls
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the State Auditor’s Office (SAO) for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department maintains that funds were not improperly charged or overdrawn for the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The expenditures drawn were allowable and within the period of performance. Cost objectives within the accounting system are used to track SSBG funding and then allowable charges are transferred to a different accounting code prior to the draws. The unit supervisor reviewed the cost objectives to verify available expenditures had been charged to support the grant draw. For the one draw in question the grant analyst was out of the office and due to a staffing shortage the transfer of expenditures was completed after the draw.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data.
Auditor’s Remarks
We thank the Department for acknowledging the reconciliation of the draw amount questioned was not performed timely.
The level of documentation needed to support grant expenditures is not established by our office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to verify whether the $6 million transfer to the SSBG grant was allowable and supported.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
a. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures appliable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
Title 45 CFR Part 96.32, Financial Settlement, states: The State must repay to the Department amounts found after audit resolution to have been expended improperly. In the event that repayment is not made voluntarily, the Department will undertake recovery.
Title 31 CFR Part 205.33, How are funds transfers processed?, states in part:
a. A State must minimize the time between the drawdown of Federal funds from the Federal government and their disbursement for Federal program purposes. A Federal Program Agency must limit a funds transfer to a State to the minimum amounts needed by the State and must time the disbursement to be in accord with the actual, immediate cash requirements of the State in carrying out a Federal assistance program or project. The timing and amount of funds transfers must be as close as is administratively feasible to a State’s actual cash outlay for direct program costs and the proportionate share of any allowable indirect costs. States should exercise sound cash management in funds transfers to subgrantees in accordance with OMB Circular A–102 (For availability, see 5 CFR 1310.3.).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-072 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the Social Services Block Grant program.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2202WASOSR; 2302WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth, and young adults for case management, foster care, protective services, transportation, childcare and other services, such as child welfare services, intake and assessment, crisis counseling, family reconciliation, and licensing staff. In fiscal year 2023, the Department spent about $45.8 million in federal funding.
The Department is required to submit annual SF-425 financial reports for each open SSBG grant. These reports contain information such as the federal grant number, the recipient organization, grant period, reporting period end date, and a summary of expenditures and revenues related to the grant during the reporting period.
The Department is also required to submit annual SSBG Post-Expenditure reports that describe how the Department expended its SSBG grant for each fiscal year. These reports include information such as:
1. The number of eligible people who received services that were fully or partially paid for with SSBG funds.
2. The amount of SSBG funds spent on providing each service.
3. The method(s) by which each service was provided, showing separately for each service provided by public agencies, private agencies, or both.
4. The criteria applied in determining eligibility for each service, such as income eligibility guidelines, sliding fee scales, the effect of public assistance benefits, and any requirements for enrollment in school or training programs.
5. The state’s definition of “child,” “adult,” and “family.”
6. Temporary Assistance for Needy Families funds transferred into SSBG
In its approved state plan, the Department has broad flexibility to design and administer the SSBG program. The Department used the SSBG Pre-Expenditure Report and Intended Use Plan approved by the federal partner to identify activities eligible for the SSBG program. Most of the expenditures charged to the SSBG program were initially incurred for other programs and transferred to the SSBG program. The Department periodically processed accounting adjustments to make these transfers.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the SSBG program.
Financial Reporting – SF-425
We selected and examined the two SF-425 reports that the Department was required to submit in state fiscal year 2023. During the audit period, the Department processed expenditure transfers at the grant level. As a result, the Department did not identify the specific transactions, or provide the required level of supporting documentation, for 43 percent of payments to providers that were charged to the SSBG program. These transactions represented 18 percent of total SSBG expenditures. Therefore, we could not rely on the data supporting the Department’s reported SF-425 expenditures and could not determine if the reports were accurate and complete. This condition is also referenced in audit finding 2023-070.
Performance Reporting – Post-Expenditure Report
Department personnel said they reviewed and approved the Post-Expenditure Report workbook before the information was uploaded into the SSBG portal to ensure the data was complete and accurate. Department personnel then reviewed and approved the Post-Expenditure Report in the SSBG portal to ensure it was complete and accurate before management performed a final review, certified the report, and submitted it.
We selected and examined the only SSBG Post-Expenditure Report that the Department was required to submit during the audit period. We found no documented evidence that the appropriate Department personnel reviewed the Post-Expenditure Report Workbook and the SSBG Post-Expenditure Report for accuracy and completeness before management completed the final review and certification of the report.
The unsupported SF-425 expenditures identified above were also included in this report. Therefore, we could not rely on the data supporting the expenditures reported in the Department’s SSBG Post-Expenditure report and could not determine if it was accurate and complete.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management said it did not review the Post-Expenditure Report Workbook and SSBG Post-Expenditure Report due to a lack of staffing.
The Department processed expenditure transfers at the grant level and made accounting adjustments without identifying the actual payments that were used to support those adjustments.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure that expenditure amounts reported to the grantor are complete and accurate.
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible to audit some of the federal dollars it transferred to SSBG and reported on the SF-425 financial report and the SSBG Post-Expenditure report.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that management reviews reports along with supporting expenditure and revenue data to ensure completeness and accuracy
• Design and implement internal controls to ensure financial and program reports are supported with an adequate level of detail
Department’s Response
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the State Auditor’s Office (SAO) for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department maintains that funds were not improperly charged to the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The Department provided the SAO with detailed expenditure data reports and email documentation of management reviews of the expenditures being charged to the SSBG grant and changes being requested prior to submission. Management reviewed the expenditure data prior to certifying and submitting the reports in the federal reporting system verifying the requested changes were made. The federal reporting system creates an email after certification which the Department shared with the SAO. The Department was unable to provide email communication between staff and management related to the approval of the changes requested as documentation of the final approval prior to management certifying the report in the federal system as requested by SAO.
SAO stated in the cause of condition that the Department processed expenditure transfers at the grant level and made accounting adjustments without identifying the actual payments. The SAO tested a sample of 16,006 payments which totaled 94% of total provider payments charged to the grant. SAO found that all payments were for activities that were supported, allowable, authorized, and accurate. SAO did not test the remaining payments, which totaled 6% of the total provider payment charged to the grant, because the transfer of expenditures were not complete at the transaction level for those payments. Those remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data.
Auditor’s Remarks
The Department stated that we tested 94 percent of total provider payments charged to the grant. However, this is not accurate. We randomly selected 118 provider payments, using a statistical sampling method, that came from a population that made up 57 percent of the total amount paid to providers. We were not able to perform testing for 43 percent of the total amount paid to providers because the Department could not provide an adequate level of support for the payments.
The level of documentation needed to support grant expenditures is not established by our office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to perform tests to verify the remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
A. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures appliable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
Title 45 CFR Part 96.74, Annual Reporting Requirements, establishes the reporting requirements for the Pre-Expenditure and Post-Expenditure program reports.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-083 The Department of Social and Health Services did not have adequate internal controls to ensure individuals are eligible to receive benefits for the Money Follows the Person program.
Assistance Listing Number and Title: 93.791 Money Follows the Person Rebalancing Demonstration Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 1LICMS300141-01-23
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Money Follows the Person (MFP) Rebalancing Demonstration program supports state strategies to rebalance their long-term services and supports systems from institutional to community-based care. The Roads to Community Living demonstration project is Washinton’s application of MFP. Originally funded in 2007, the program is currently projected to continue through 2027. The program is jointly administered by the Department’s Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) both serving MFP beneficiaries. Additionally, in 2013, Washington was one of five states awarded funding to participate in an MFP Tribal Initiative to work with qualified Tribes and/or Tribal Organizations to develop culturally responsive home and community-based services and to implement strategies to reduce the use of institutional care for Tribal members.
The Department must ensure that benefits are paid to, or on behalf of, individuals eligible for the program and ensure benefits are discontinued when the period of eligibility expires. Eligible individuals include those receiving Medicaid inpatient services who are interested in moving from a state institutional setting, such as a hospital, nursing home, or intermediate care facility to a qualified community setting, including an adult family home, assisted living facility, or enhanced adult residential care facility. The Department uses a combination of monthly reports, annual assessments, and internal communication forms to ensure only eligible individuals receive paid benefits on the program. Specifically, the Department’s ALTSA Long-Term Care Manual, Chapter 29; Roads to Community Living, specifies that Department staff are required to complete a Financial and Social Services Communication form 14-443, or form 15-345 if the individual is enrolled in a DDA program, to communicate the individual’s eligibility status for various program services. The Department utilizes these forms to document the commencement and discontinuation of an individual’s benefits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure individuals are eligible to receive benefits for the MFP program.
We used a statistical sampling method to randomly select and review 58 out of 2,249 individuals determined eligible to receive program benefits during the audit period. We identified four instances (7 percent) where the Department did not complete a form 14-443 or 15-345 to inform appropriate personnel of the individual’s eligibility status, and terminate the individual’s enrollment, if required.
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management did not effectively monitor case managers to ensure that Forms 14-443 and 15-345 were completed when clients were determined eligible, or ineligible to receive assistance under the program. Department staff responsible for submitting the forms did not follow the guidance in the ALTSA Long-Term Care Manual.
Effect of Condition
By not following prescribed internal controls, the Department is at a higher risk of authorizing benefits to individuals that do not meet all eligibility requirements.
Recommendation
We recommend that the Department improve its internal controls to ensure all eligibility determinations are documented using the Department’s approved forms, in accordance with the Manual.
Department’s Response
The Department partially agrees with the finding.
We agree 14-443s were not provided to terminate the individuals’ enrollment. However, in all exceptions identified, the 14-443 Communication was made in accordance with existing Nursing Facility Case Management policy as defined in Chapter 10 of the Long-Term Care manual. In addition, all clients met eligibility criteria for Roads to Community Living (RCL) services or converted to another Home and Community Based program within the 365-day RCL demonstration year limitation, despite the RCL disenrollment date’s absence on the 14-443 communication.
In these cases, the client converted to a state plan or waiver and this new program’s start date was provided on the 14-443. For Modified Adjusted Grose Income (MAGI) participants, 14-443 Communications are not required, as this form is a communication tool for Public Benefit Specialists. MAGI enrolled Medicaid participants’ benefits are managed by the Health Care Authority, and therefore a 14-443 Communication detailing the RCL Demonstration start, and projected end date is not managed or worked by a Public Benefits Specialist. This MAGI beneficiary communication detail was not articulated in the Roads to Community Living chapter of the LTC Manual.
Effective April 30, 2024, Chapter 29 of the Long-Term Care Manual will be updated to clarify instructions related to when a 14-443 must be completed as it relates to MAGI participants and what needs to be included on the form when the 14-443 is required.
Auditor’s Remarks
Prior to performing our testing, we held meetings with the Department to gain an understanding of their internal controls regarding eligibility for the MFP program. The Department provided documentation of policies and procedures that they determined were applicable to eligibility for the program, but did not include Chapter 10 of the Long-Term Care manual. Based on the information and documentation that the Department provided, we identified their key internal controls related to program eligibility. The Department confirmed the controls we identified were correct, and they stated, in part, that form 14-443 must be completed at the time of transition to a community setting and disenrollment. The confirmed key controls did not include alternative methods for MAGI participants.
We reaffirm our finding and appreciate the Department's commitment to resolving this matter. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Department of Social and Health Services, Aging and Long-Term Support Administration (ALTSA) Long-Term Care Manual, Chapter 29 – Roads to Community Living, states in part:
Authorizing RCL Services for HCS clients
As soon as the participant transitions from the institution:
9. Using the 14-443, notify the Public Benefits Specialist of the discharge date from the nursing facility and complete the RCL portions of 14-443, including the RCL 365 day end date, which is located in the RCL Enroll/Disenroll screen. (Reminder: the RCL 365 day end date needs to match the RCL RAC end date)
At the conclusion of the participant’s 365 day demonstration period, the Case Manager/Case Resource Manager:
5. Notify the PBS on a DSHS 14-443 (for HCS/AAA) or a DSHS 15-345 (for DDA) in Barcode and include:
a. The date of the disenrollment from RCL services.
b. The program the participant is functionally eligible for (state plan/Medicaid waiver).
c. The setting of the services (in-home, AFH, etc.)
d. Update the address, if necessary.
Authorizing RCL Services for Individuals Enrolled in DDA
When the participant is approaching discharge from the facility, the DDA Case Resource Manager (CRM) shall:
• Notify the financial worker that the individual is an RCL participant on the RCL version of the DSHS 15-345 in Barcode and include the following:
a. The date of discharge from the institutional setting onto RCL services
b. The setting that RCL services will take place (in-home, AFH, etc.)
c. The new address
d. A request to complete the Authorized Representative (AREP) screen in ACES per normal procedures so the CRM can receive the financial letters.
2. A request that the financial worker open a waiver program in ACES.
What Are the Case Worker’s Responsibilities With the RCL Program?
RCL services for all participants must end by day 366 (on or before day 365). At that time, they must be transitioned to the waiver or state plan services available to them based on their financial and functional eligibility.
How Do I Disenroll an RCL Participant?
4. Notify the Public Benefits Specialist using Form 14-443 (HCS/AAA) or a DSHS 15-345 (DDA) in Barcode and include:
a. The date of the disenrollment from RCL services.
Which program the participant is functionally eligible for (state plan/waiver) and the start date for this new program (if applicable).
2023-084 The Health Care Authority did not have adequate internal controls to ensure payments to providers for the Block Grants for Prevention and Treatment of Substance Abuse program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $3,447,346
Prior Year Audit Finding: Yes, Finding 2022-067
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, $58 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), which is the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SABG and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards.
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SABG subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities, and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In fiscal year 2022, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SABG program were allowable and met period of performance requirements. The prior finding number was 2022-067.
Additionally, in the fiscal year 2020 and 2021 audits, we reported the Authority did not have adequate internal controls to ensure payments made under the SABG program met the period of performance requirements. The prior finding numbers were 2020-059 and 2021-057.
Description of Condition
The Authority did not have adequate internal controls to ensure payments to providers for the SABG program were allowable and met period of performance requirements.
Year-end Estimated Accruals
During the audit period, the FFR unit recorded three state fiscal year-end estimated accruals totaling $19,885,335. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $16,438,274 in liquidations processed after the state fiscal year close. We used a statistical sampling method and randomly selected and examined 54 out of a total population of 360 including three individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
Transaction Testing
We judgmentally selected and examined three out of a total population of 16 expenditures made during the SABG federal fiscal year 2021 award liquidation period. We found one (33 percent) estimated accrual that was partially unsupported to ensure the award’s period of performance requirements were met.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. In addition, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided and reimbursement requests are received.
Additionally, the Authority did not properly monitor to ensure accrual charges occurred within the award’s period of performance.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SABG expenditures reported on the Schedule of Expenditures of Federal Awards are for allowable activities and within the period of performance.
We identified $3,447,061 in known questioned costs related to estimated year-end accruals.
For the federal fiscal year 2021 award that closed during the audit period, we identified questioned costs totaling $285 for an accrued expenditure that did not have documented support showing they occurred within the award’s period of performance.
In total, we identified $3,447,346 in known federal questioned costs.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquated provider payments to specific year-end estimated accruals
• Improve its internal controls to ensure payments are within the award’s period of performance
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $3,447,061 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of FY 23 expenditures for which invoices have not been received. There are no funds associated with the $3.4 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a statistical sample of liquidations made against the accruals without error. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during FY 23.
The Authority partially concurs with the unsupported $285 portion of an accrual. Due to human error when reversing an accrual, the full amount was not completely removed leaving a difference of $285. However, this was limited to an accrual transaction, no funds would have been drawn and this remained an error in the accounting system. There are no funds to return to the grantor.
By questioning unliquidated expenditures based on a reasonable accrual methodology, the auditor is taking issue with the Authority’s operations rather than identifying noncompliant grant practices. The implication from the auditor’s recommendations and referenced laws and regulations is that the $3.4 million should not have been reported on the Schedule of Expenditures of Federal Awards (SEFA). However, there is no evidence these expenditures were unallowable, drawn erroneously from the grantor, or outside the period of performance. Removing the $3.4 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
To provide assurance over activities allowed, cost principles, and period of performance the auditors tested three samples:
• A sample of 58 transactions recording expenditures on the SEFA which had been paid during FY 23
• A sample of 57 liquidation transactions made against the estimated FY 23 SEFA accruals
• A judgmental sample of three transactions recorded against the 2021 SABG award
The first two samples consisted of 115 transactions and $11,662,297 and all tested without error. The third sample contained three transactions totaling $73,761 judgmentally selected from a population of 16 transactions and contained one error of $285.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee's financial statements which must include the total Federal awards expended as determined in accordance with § 75.502.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures, verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SABG only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures. Not needed for MHBG.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SABG, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2023-085 The Health Care Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-068
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds. Of this amount, the Authority passed about $58 million to subrecipients.
Federal regulations require the Authority to spend no more than 5 percent of the federal program funds on administrative costs of the grant, as well as a minimum of 20 percent of total grant funds on primary prevention programs for people who do not require treatment.
The Authority has written procedures in place to ensure it meets earmarking requirements. Authority staff run monthly reports from the agency’s accounting system to track expenditures for these requirements to ensure they are met at the time the grant closes. These reports, along with calculations to monitor these requirements, are maintained in a monthly tracking workbook. Management reviews these workbooks and sends an email to program staff to document the review.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls and did not comply with earmarking requirements for the program. The prior finding numbers were 2022-068 and 2021-056.
Description of Condition
The Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
We used a non-statistical sampling method to randomly select and examine 10 monthly tracking workbooks out of a total population of 45. We found that for six of the samples (60 percent), the workbooks were completed, but were missing the manager email confirming that they had been reviewed to ensure the tracking was being correctly calculated and monitored.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
The Authority implemented new procedures to ensure tracking workbooks were reviewed monthly by management. However, written documentation of this review was not maintained.
Effect of Condition
By not establishing adequate internal controls, the Authority cannot ensure it meets earmarking requirements.
Recommendation
We recommend the Authority improve internal controls to ensure that management review is documented and retained.
Authority’s Response
The Authority concurs with the finding. However, the Authority does not concur that the condition identified by the auditor posed a material risk to the program. Tracking workbooks were completed and reviewed throughout the entire fiscal year, however documentation of review was not maintained until December. Beginning December 2022, documentation of review was available for the remainder of the fiscal year. Any potential material noncompliance should have been detected.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-086 The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002,6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-069
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, including about $58 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Authority is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
A subaward identification form, which contains all the required reporting information, is included when the Authority creates a new SABG subaward or amendment. After it is signed by all parties, contract unit staff sends the subaward identification form through email to the behavioral health unit. Behavioral health staff review these emails and complete the report as required. There were 85 SABG subawards and amendments that were required to be reported in fiscal year 2023, totaling $45,362,623.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SABG program. The prior finding numbers were 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $45.4 million of program funds that it awarded to subrecipients through 85 new and amended subawards for the primary SABG awards. We used a non-statistical sampling method to randomly select and examine 14 of the 85 subawards and amendments, and found that four (29 percent), totaling $1.45 million, were not reported in FSRS.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority is in the process of developing written procedures to ensure the reports are submitted as required, but they were not fully implemented during the audit period.
For the subawards not reported, the contract unit did not send the subaward identification form to the behavioral health staff, so the subawards were not reported in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Establish policies and procedures for filing required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information so future reports are submitted completely and timely
Authority’s Response
HCA concurs with the findings. HCA did not have an established process to ensure that HCA’s Federal Financial Reporting section received executed subawards for FFATA reporting from HCA’s Office of Contracts and Procurement for the entirety of fiscal year 2023. The process was established in July 2022 and is currently operational. However, some subawards with a July 1 start date had been executed in the prior fiscal year before the process was established.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
2023-087 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-066
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG) program. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal SABG funds. Of this amount, the Authority passed about $58 million to 126 SABG subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Authority did not have adequate controls over and did not comply with requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding number was 2022-066.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority did not have written policies or procedures over its process for tracking subrecipients’ single audits. Furthermore, the Authority chose not to provide the tracking workbooks that we requested so we could develop and complete our compliance tests with the federal requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As stated above, Authority management chose not to provide documentation to demonstrate that the agency was compliant with federal requirements.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings.
In addition, because the Authority chose to not provide documentation needed for testing, we were unable to determine if it was compliant with federal regulations.
Recommendations
We recommend the Authority:
• Establish and follow policies and procedures to ensure subrecipients obtain required single audits
• Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the SABG program
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Provide requested documentation to auditors
Authority’s Response
Authority concurs that it needs to improve internal controls and did not fully comply federal requirements relating to single audit tracking. HCA does not concur with the other conditions noted.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
2023-084 The Health Care Authority did not have adequate internal controls to ensure payments to providers for the Block Grants for Prevention and Treatment of Substance Abuse program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $3,447,346
Prior Year Audit Finding: Yes, Finding 2022-067
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, $58 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), which is the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SABG and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards.
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SABG subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities, and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In fiscal year 2022, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SABG program were allowable and met period of performance requirements. The prior finding number was 2022-067.
Additionally, in the fiscal year 2020 and 2021 audits, we reported the Authority did not have adequate internal controls to ensure payments made under the SABG program met the period of performance requirements. The prior finding numbers were 2020-059 and 2021-057.
Description of Condition
The Authority did not have adequate internal controls to ensure payments to providers for the SABG program were allowable and met period of performance requirements.
Year-end Estimated Accruals
During the audit period, the FFR unit recorded three state fiscal year-end estimated accruals totaling $19,885,335. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $16,438,274 in liquidations processed after the state fiscal year close. We used a statistical sampling method and randomly selected and examined 54 out of a total population of 360 including three individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
Transaction Testing
We judgmentally selected and examined three out of a total population of 16 expenditures made during the SABG federal fiscal year 2021 award liquidation period. We found one (33 percent) estimated accrual that was partially unsupported to ensure the award’s period of performance requirements were met.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. In addition, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided and reimbursement requests are received.
Additionally, the Authority did not properly monitor to ensure accrual charges occurred within the award’s period of performance.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SABG expenditures reported on the Schedule of Expenditures of Federal Awards are for allowable activities and within the period of performance.
We identified $3,447,061 in known questioned costs related to estimated year-end accruals.
For the federal fiscal year 2021 award that closed during the audit period, we identified questioned costs totaling $285 for an accrued expenditure that did not have documented support showing they occurred within the award’s period of performance.
In total, we identified $3,447,346 in known federal questioned costs.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquated provider payments to specific year-end estimated accruals
• Improve its internal controls to ensure payments are within the award’s period of performance
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $3,447,061 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of FY 23 expenditures for which invoices have not been received. There are no funds associated with the $3.4 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a statistical sample of liquidations made against the accruals without error. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during FY 23.
The Authority partially concurs with the unsupported $285 portion of an accrual. Due to human error when reversing an accrual, the full amount was not completely removed leaving a difference of $285. However, this was limited to an accrual transaction, no funds would have been drawn and this remained an error in the accounting system. There are no funds to return to the grantor.
By questioning unliquidated expenditures based on a reasonable accrual methodology, the auditor is taking issue with the Authority’s operations rather than identifying noncompliant grant practices. The implication from the auditor’s recommendations and referenced laws and regulations is that the $3.4 million should not have been reported on the Schedule of Expenditures of Federal Awards (SEFA). However, there is no evidence these expenditures were unallowable, drawn erroneously from the grantor, or outside the period of performance. Removing the $3.4 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
To provide assurance over activities allowed, cost principles, and period of performance the auditors tested three samples:
• A sample of 58 transactions recording expenditures on the SEFA which had been paid during FY 23
• A sample of 57 liquidation transactions made against the estimated FY 23 SEFA accruals
• A judgmental sample of three transactions recorded against the 2021 SABG award
The first two samples consisted of 115 transactions and $11,662,297 and all tested without error. The third sample contained three transactions totaling $73,761 judgmentally selected from a population of 16 transactions and contained one error of $285.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee's financial statements which must include the total Federal awards expended as determined in accordance with § 75.502.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures, verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SABG only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures. Not needed for MHBG.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SABG, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2023-085 The Health Care Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-068
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds. Of this amount, the Authority passed about $58 million to subrecipients.
Federal regulations require the Authority to spend no more than 5 percent of the federal program funds on administrative costs of the grant, as well as a minimum of 20 percent of total grant funds on primary prevention programs for people who do not require treatment.
The Authority has written procedures in place to ensure it meets earmarking requirements. Authority staff run monthly reports from the agency’s accounting system to track expenditures for these requirements to ensure they are met at the time the grant closes. These reports, along with calculations to monitor these requirements, are maintained in a monthly tracking workbook. Management reviews these workbooks and sends an email to program staff to document the review.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls and did not comply with earmarking requirements for the program. The prior finding numbers were 2022-068 and 2021-056.
Description of Condition
The Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
We used a non-statistical sampling method to randomly select and examine 10 monthly tracking workbooks out of a total population of 45. We found that for six of the samples (60 percent), the workbooks were completed, but were missing the manager email confirming that they had been reviewed to ensure the tracking was being correctly calculated and monitored.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
The Authority implemented new procedures to ensure tracking workbooks were reviewed monthly by management. However, written documentation of this review was not maintained.
Effect of Condition
By not establishing adequate internal controls, the Authority cannot ensure it meets earmarking requirements.
Recommendation
We recommend the Authority improve internal controls to ensure that management review is documented and retained.
Authority’s Response
The Authority concurs with the finding. However, the Authority does not concur that the condition identified by the auditor posed a material risk to the program. Tracking workbooks were completed and reviewed throughout the entire fiscal year, however documentation of review was not maintained until December. Beginning December 2022, documentation of review was available for the remainder of the fiscal year. Any potential material noncompliance should have been detected.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-086 The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002,6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-069
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, including about $58 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Authority is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
A subaward identification form, which contains all the required reporting information, is included when the Authority creates a new SABG subaward or amendment. After it is signed by all parties, contract unit staff sends the subaward identification form through email to the behavioral health unit. Behavioral health staff review these emails and complete the report as required. There were 85 SABG subawards and amendments that were required to be reported in fiscal year 2023, totaling $45,362,623.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SABG program. The prior finding numbers were 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $45.4 million of program funds that it awarded to subrecipients through 85 new and amended subawards for the primary SABG awards. We used a non-statistical sampling method to randomly select and examine 14 of the 85 subawards and amendments, and found that four (29 percent), totaling $1.45 million, were not reported in FSRS.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority is in the process of developing written procedures to ensure the reports are submitted as required, but they were not fully implemented during the audit period.
For the subawards not reported, the contract unit did not send the subaward identification form to the behavioral health staff, so the subawards were not reported in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Establish policies and procedures for filing required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information so future reports are submitted completely and timely
Authority’s Response
HCA concurs with the findings. HCA did not have an established process to ensure that HCA’s Federal Financial Reporting section received executed subawards for FFATA reporting from HCA’s Office of Contracts and Procurement for the entirety of fiscal year 2023. The process was established in July 2022 and is currently operational. However, some subawards with a July 1 start date had been executed in the prior fiscal year before the process was established.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
2023-087 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-066
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG) program. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal SABG funds. Of this amount, the Authority passed about $58 million to 126 SABG subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Authority did not have adequate controls over and did not comply with requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding number was 2022-066.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority did not have written policies or procedures over its process for tracking subrecipients’ single audits. Furthermore, the Authority chose not to provide the tracking workbooks that we requested so we could develop and complete our compliance tests with the federal requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As stated above, Authority management chose not to provide documentation to demonstrate that the agency was compliant with federal requirements.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings.
In addition, because the Authority chose to not provide documentation needed for testing, we were unable to determine if it was compliant with federal regulations.
Recommendations
We recommend the Authority:
• Establish and follow policies and procedures to ensure subrecipients obtain required single audits
• Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the SABG program
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Provide requested documentation to auditors
Authority’s Response
Authority concurs that it needs to improve internal controls and did not fully comply federal requirements relating to single audit tracking. HCA does not concur with the other conditions noted.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
2023-084 The Health Care Authority did not have adequate internal controls to ensure payments to providers for the Block Grants for Prevention and Treatment of Substance Abuse program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $3,447,346
Prior Year Audit Finding: Yes, Finding 2022-067
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, $58 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), which is the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SABG and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards.
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SABG subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities, and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In fiscal year 2022, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SABG program were allowable and met period of performance requirements. The prior finding number was 2022-067.
Additionally, in the fiscal year 2020 and 2021 audits, we reported the Authority did not have adequate internal controls to ensure payments made under the SABG program met the period of performance requirements. The prior finding numbers were 2020-059 and 2021-057.
Description of Condition
The Authority did not have adequate internal controls to ensure payments to providers for the SABG program were allowable and met period of performance requirements.
Year-end Estimated Accruals
During the audit period, the FFR unit recorded three state fiscal year-end estimated accruals totaling $19,885,335. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $16,438,274 in liquidations processed after the state fiscal year close. We used a statistical sampling method and randomly selected and examined 54 out of a total population of 360 including three individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
Transaction Testing
We judgmentally selected and examined three out of a total population of 16 expenditures made during the SABG federal fiscal year 2021 award liquidation period. We found one (33 percent) estimated accrual that was partially unsupported to ensure the award’s period of performance requirements were met.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. In addition, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided and reimbursement requests are received.
Additionally, the Authority did not properly monitor to ensure accrual charges occurred within the award’s period of performance.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SABG expenditures reported on the Schedule of Expenditures of Federal Awards are for allowable activities and within the period of performance.
We identified $3,447,061 in known questioned costs related to estimated year-end accruals.
For the federal fiscal year 2021 award that closed during the audit period, we identified questioned costs totaling $285 for an accrued expenditure that did not have documented support showing they occurred within the award’s period of performance.
In total, we identified $3,447,346 in known federal questioned costs.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquated provider payments to specific year-end estimated accruals
• Improve its internal controls to ensure payments are within the award’s period of performance
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $3,447,061 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of FY 23 expenditures for which invoices have not been received. There are no funds associated with the $3.4 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a statistical sample of liquidations made against the accruals without error. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during FY 23.
The Authority partially concurs with the unsupported $285 portion of an accrual. Due to human error when reversing an accrual, the full amount was not completely removed leaving a difference of $285. However, this was limited to an accrual transaction, no funds would have been drawn and this remained an error in the accounting system. There are no funds to return to the grantor.
By questioning unliquidated expenditures based on a reasonable accrual methodology, the auditor is taking issue with the Authority’s operations rather than identifying noncompliant grant practices. The implication from the auditor’s recommendations and referenced laws and regulations is that the $3.4 million should not have been reported on the Schedule of Expenditures of Federal Awards (SEFA). However, there is no evidence these expenditures were unallowable, drawn erroneously from the grantor, or outside the period of performance. Removing the $3.4 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
To provide assurance over activities allowed, cost principles, and period of performance the auditors tested three samples:
• A sample of 58 transactions recording expenditures on the SEFA which had been paid during FY 23
• A sample of 57 liquidation transactions made against the estimated FY 23 SEFA accruals
• A judgmental sample of three transactions recorded against the 2021 SABG award
The first two samples consisted of 115 transactions and $11,662,297 and all tested without error. The third sample contained three transactions totaling $73,761 judgmentally selected from a population of 16 transactions and contained one error of $285.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee's financial statements which must include the total Federal awards expended as determined in accordance with § 75.502.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures, verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SABG only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures. Not needed for MHBG.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SABG, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2023-085 The Health Care Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-068
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds. Of this amount, the Authority passed about $58 million to subrecipients.
Federal regulations require the Authority to spend no more than 5 percent of the federal program funds on administrative costs of the grant, as well as a minimum of 20 percent of total grant funds on primary prevention programs for people who do not require treatment.
The Authority has written procedures in place to ensure it meets earmarking requirements. Authority staff run monthly reports from the agency’s accounting system to track expenditures for these requirements to ensure they are met at the time the grant closes. These reports, along with calculations to monitor these requirements, are maintained in a monthly tracking workbook. Management reviews these workbooks and sends an email to program staff to document the review.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls and did not comply with earmarking requirements for the program. The prior finding numbers were 2022-068 and 2021-056.
Description of Condition
The Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
We used a non-statistical sampling method to randomly select and examine 10 monthly tracking workbooks out of a total population of 45. We found that for six of the samples (60 percent), the workbooks were completed, but were missing the manager email confirming that they had been reviewed to ensure the tracking was being correctly calculated and monitored.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
The Authority implemented new procedures to ensure tracking workbooks were reviewed monthly by management. However, written documentation of this review was not maintained.
Effect of Condition
By not establishing adequate internal controls, the Authority cannot ensure it meets earmarking requirements.
Recommendation
We recommend the Authority improve internal controls to ensure that management review is documented and retained.
Authority’s Response
The Authority concurs with the finding. However, the Authority does not concur that the condition identified by the auditor posed a material risk to the program. Tracking workbooks were completed and reviewed throughout the entire fiscal year, however documentation of review was not maintained until December. Beginning December 2022, documentation of review was available for the remainder of the fiscal year. Any potential material noncompliance should have been detected.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-086 The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002,6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-069
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, including about $58 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Authority is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
A subaward identification form, which contains all the required reporting information, is included when the Authority creates a new SABG subaward or amendment. After it is signed by all parties, contract unit staff sends the subaward identification form through email to the behavioral health unit. Behavioral health staff review these emails and complete the report as required. There were 85 SABG subawards and amendments that were required to be reported in fiscal year 2023, totaling $45,362,623.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SABG program. The prior finding numbers were 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $45.4 million of program funds that it awarded to subrecipients through 85 new and amended subawards for the primary SABG awards. We used a non-statistical sampling method to randomly select and examine 14 of the 85 subawards and amendments, and found that four (29 percent), totaling $1.45 million, were not reported in FSRS.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority is in the process of developing written procedures to ensure the reports are submitted as required, but they were not fully implemented during the audit period.
For the subawards not reported, the contract unit did not send the subaward identification form to the behavioral health staff, so the subawards were not reported in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Establish policies and procedures for filing required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information so future reports are submitted completely and timely
Authority’s Response
HCA concurs with the findings. HCA did not have an established process to ensure that HCA’s Federal Financial Reporting section received executed subawards for FFATA reporting from HCA’s Office of Contracts and Procurement for the entirety of fiscal year 2023. The process was established in July 2022 and is currently operational. However, some subawards with a July 1 start date had been executed in the prior fiscal year before the process was established.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
2023-087 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-066
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG) program. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal SABG funds. Of this amount, the Authority passed about $58 million to 126 SABG subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Authority did not have adequate controls over and did not comply with requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding number was 2022-066.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority did not have written policies or procedures over its process for tracking subrecipients’ single audits. Furthermore, the Authority chose not to provide the tracking workbooks that we requested so we could develop and complete our compliance tests with the federal requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As stated above, Authority management chose not to provide documentation to demonstrate that the agency was compliant with federal requirements.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings.
In addition, because the Authority chose to not provide documentation needed for testing, we were unable to determine if it was compliant with federal regulations.
Recommendations
We recommend the Authority:
• Establish and follow policies and procedures to ensure subrecipients obtain required single audits
• Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the SABG program
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Provide requested documentation to auditors
Authority’s Response
Authority concurs that it needs to improve internal controls and did not fully comply federal requirements relating to single audit tracking. HCA does not concur with the other conditions noted.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
2023-084 The Health Care Authority did not have adequate internal controls to ensure payments to providers for the Block Grants for Prevention and Treatment of Substance Abuse program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $3,447,346
Prior Year Audit Finding: Yes, Finding 2022-067
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, $58 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), which is the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SABG and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards.
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SABG subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities, and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In fiscal year 2022, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SABG program were allowable and met period of performance requirements. The prior finding number was 2022-067.
Additionally, in the fiscal year 2020 and 2021 audits, we reported the Authority did not have adequate internal controls to ensure payments made under the SABG program met the period of performance requirements. The prior finding numbers were 2020-059 and 2021-057.
Description of Condition
The Authority did not have adequate internal controls to ensure payments to providers for the SABG program were allowable and met period of performance requirements.
Year-end Estimated Accruals
During the audit period, the FFR unit recorded three state fiscal year-end estimated accruals totaling $19,885,335. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $16,438,274 in liquidations processed after the state fiscal year close. We used a statistical sampling method and randomly selected and examined 54 out of a total population of 360 including three individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
Transaction Testing
We judgmentally selected and examined three out of a total population of 16 expenditures made during the SABG federal fiscal year 2021 award liquidation period. We found one (33 percent) estimated accrual that was partially unsupported to ensure the award’s period of performance requirements were met.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. In addition, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided and reimbursement requests are received.
Additionally, the Authority did not properly monitor to ensure accrual charges occurred within the award’s period of performance.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SABG expenditures reported on the Schedule of Expenditures of Federal Awards are for allowable activities and within the period of performance.
We identified $3,447,061 in known questioned costs related to estimated year-end accruals.
For the federal fiscal year 2021 award that closed during the audit period, we identified questioned costs totaling $285 for an accrued expenditure that did not have documented support showing they occurred within the award’s period of performance.
In total, we identified $3,447,346 in known federal questioned costs.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquated provider payments to specific year-end estimated accruals
• Improve its internal controls to ensure payments are within the award’s period of performance
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $3,447,061 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of FY 23 expenditures for which invoices have not been received. There are no funds associated with the $3.4 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a statistical sample of liquidations made against the accruals without error. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during FY 23.
The Authority partially concurs with the unsupported $285 portion of an accrual. Due to human error when reversing an accrual, the full amount was not completely removed leaving a difference of $285. However, this was limited to an accrual transaction, no funds would have been drawn and this remained an error in the accounting system. There are no funds to return to the grantor.
By questioning unliquidated expenditures based on a reasonable accrual methodology, the auditor is taking issue with the Authority’s operations rather than identifying noncompliant grant practices. The implication from the auditor’s recommendations and referenced laws and regulations is that the $3.4 million should not have been reported on the Schedule of Expenditures of Federal Awards (SEFA). However, there is no evidence these expenditures were unallowable, drawn erroneously from the grantor, or outside the period of performance. Removing the $3.4 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
To provide assurance over activities allowed, cost principles, and period of performance the auditors tested three samples:
• A sample of 58 transactions recording expenditures on the SEFA which had been paid during FY 23
• A sample of 57 liquidation transactions made against the estimated FY 23 SEFA accruals
• A judgmental sample of three transactions recorded against the 2021 SABG award
The first two samples consisted of 115 transactions and $11,662,297 and all tested without error. The third sample contained three transactions totaling $73,761 judgmentally selected from a population of 16 transactions and contained one error of $285.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee's financial statements which must include the total Federal awards expended as determined in accordance with § 75.502.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures, verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SABG only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures. Not needed for MHBG.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SABG, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2023-085 The Health Care Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-068
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds. Of this amount, the Authority passed about $58 million to subrecipients.
Federal regulations require the Authority to spend no more than 5 percent of the federal program funds on administrative costs of the grant, as well as a minimum of 20 percent of total grant funds on primary prevention programs for people who do not require treatment.
The Authority has written procedures in place to ensure it meets earmarking requirements. Authority staff run monthly reports from the agency’s accounting system to track expenditures for these requirements to ensure they are met at the time the grant closes. These reports, along with calculations to monitor these requirements, are maintained in a monthly tracking workbook. Management reviews these workbooks and sends an email to program staff to document the review.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls and did not comply with earmarking requirements for the program. The prior finding numbers were 2022-068 and 2021-056.
Description of Condition
The Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
We used a non-statistical sampling method to randomly select and examine 10 monthly tracking workbooks out of a total population of 45. We found that for six of the samples (60 percent), the workbooks were completed, but were missing the manager email confirming that they had been reviewed to ensure the tracking was being correctly calculated and monitored.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
The Authority implemented new procedures to ensure tracking workbooks were reviewed monthly by management. However, written documentation of this review was not maintained.
Effect of Condition
By not establishing adequate internal controls, the Authority cannot ensure it meets earmarking requirements.
Recommendation
We recommend the Authority improve internal controls to ensure that management review is documented and retained.
Authority’s Response
The Authority concurs with the finding. However, the Authority does not concur that the condition identified by the auditor posed a material risk to the program. Tracking workbooks were completed and reviewed throughout the entire fiscal year, however documentation of review was not maintained until December. Beginning December 2022, documentation of review was available for the remainder of the fiscal year. Any potential material noncompliance should have been detected.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-086 The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002,6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-069
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, including about $58 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Authority is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
A subaward identification form, which contains all the required reporting information, is included when the Authority creates a new SABG subaward or amendment. After it is signed by all parties, contract unit staff sends the subaward identification form through email to the behavioral health unit. Behavioral health staff review these emails and complete the report as required. There were 85 SABG subawards and amendments that were required to be reported in fiscal year 2023, totaling $45,362,623.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SABG program. The prior finding numbers were 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $45.4 million of program funds that it awarded to subrecipients through 85 new and amended subawards for the primary SABG awards. We used a non-statistical sampling method to randomly select and examine 14 of the 85 subawards and amendments, and found that four (29 percent), totaling $1.45 million, were not reported in FSRS.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority is in the process of developing written procedures to ensure the reports are submitted as required, but they were not fully implemented during the audit period.
For the subawards not reported, the contract unit did not send the subaward identification form to the behavioral health staff, so the subawards were not reported in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Establish policies and procedures for filing required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information so future reports are submitted completely and timely
Authority’s Response
HCA concurs with the findings. HCA did not have an established process to ensure that HCA’s Federal Financial Reporting section received executed subawards for FFATA reporting from HCA’s Office of Contracts and Procurement for the entirety of fiscal year 2023. The process was established in July 2022 and is currently operational. However, some subawards with a July 1 start date had been executed in the prior fiscal year before the process was established.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
2023-087 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-066
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG) program. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal SABG funds. Of this amount, the Authority passed about $58 million to 126 SABG subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Authority did not have adequate controls over and did not comply with requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding number was 2022-066.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority did not have written policies or procedures over its process for tracking subrecipients’ single audits. Furthermore, the Authority chose not to provide the tracking workbooks that we requested so we could develop and complete our compliance tests with the federal requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As stated above, Authority management chose not to provide documentation to demonstrate that the agency was compliant with federal requirements.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings.
In addition, because the Authority chose to not provide documentation needed for testing, we were unable to determine if it was compliant with federal regulations.
Recommendations
We recommend the Authority:
• Establish and follow policies and procedures to ensure subrecipients obtain required single audits
• Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the SABG program
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Provide requested documentation to auditors
Authority’s Response
Authority concurs that it needs to improve internal controls and did not fully comply federal requirements relating to single audit tracking. HCA does not concur with the other conditions noted.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
2023-084 The Health Care Authority did not have adequate internal controls to ensure payments to providers for the Block Grants for Prevention and Treatment of Substance Abuse program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $3,447,346
Prior Year Audit Finding: Yes, Finding 2022-067
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, $58 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), which is the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SABG and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards.
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SABG subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities, and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In fiscal year 2022, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SABG program were allowable and met period of performance requirements. The prior finding number was 2022-067.
Additionally, in the fiscal year 2020 and 2021 audits, we reported the Authority did not have adequate internal controls to ensure payments made under the SABG program met the period of performance requirements. The prior finding numbers were 2020-059 and 2021-057.
Description of Condition
The Authority did not have adequate internal controls to ensure payments to providers for the SABG program were allowable and met period of performance requirements.
Year-end Estimated Accruals
During the audit period, the FFR unit recorded three state fiscal year-end estimated accruals totaling $19,885,335. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $16,438,274 in liquidations processed after the state fiscal year close. We used a statistical sampling method and randomly selected and examined 54 out of a total population of 360 including three individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
Transaction Testing
We judgmentally selected and examined three out of a total population of 16 expenditures made during the SABG federal fiscal year 2021 award liquidation period. We found one (33 percent) estimated accrual that was partially unsupported to ensure the award’s period of performance requirements were met.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. In addition, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided and reimbursement requests are received.
Additionally, the Authority did not properly monitor to ensure accrual charges occurred within the award’s period of performance.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SABG expenditures reported on the Schedule of Expenditures of Federal Awards are for allowable activities and within the period of performance.
We identified $3,447,061 in known questioned costs related to estimated year-end accruals.
For the federal fiscal year 2021 award that closed during the audit period, we identified questioned costs totaling $285 for an accrued expenditure that did not have documented support showing they occurred within the award’s period of performance.
In total, we identified $3,447,346 in known federal questioned costs.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquated provider payments to specific year-end estimated accruals
• Improve its internal controls to ensure payments are within the award’s period of performance
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $3,447,061 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of FY 23 expenditures for which invoices have not been received. There are no funds associated with the $3.4 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a statistical sample of liquidations made against the accruals without error. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during FY 23.
The Authority partially concurs with the unsupported $285 portion of an accrual. Due to human error when reversing an accrual, the full amount was not completely removed leaving a difference of $285. However, this was limited to an accrual transaction, no funds would have been drawn and this remained an error in the accounting system. There are no funds to return to the grantor.
By questioning unliquidated expenditures based on a reasonable accrual methodology, the auditor is taking issue with the Authority’s operations rather than identifying noncompliant grant practices. The implication from the auditor’s recommendations and referenced laws and regulations is that the $3.4 million should not have been reported on the Schedule of Expenditures of Federal Awards (SEFA). However, there is no evidence these expenditures were unallowable, drawn erroneously from the grantor, or outside the period of performance. Removing the $3.4 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
To provide assurance over activities allowed, cost principles, and period of performance the auditors tested three samples:
• A sample of 58 transactions recording expenditures on the SEFA which had been paid during FY 23
• A sample of 57 liquidation transactions made against the estimated FY 23 SEFA accruals
• A judgmental sample of three transactions recorded against the 2021 SABG award
The first two samples consisted of 115 transactions and $11,662,297 and all tested without error. The third sample contained three transactions totaling $73,761 judgmentally selected from a population of 16 transactions and contained one error of $285.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee's financial statements which must include the total Federal awards expended as determined in accordance with § 75.502.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures, verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SABG only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures. Not needed for MHBG.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SABG, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2023-085 The Health Care Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-068
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds. Of this amount, the Authority passed about $58 million to subrecipients.
Federal regulations require the Authority to spend no more than 5 percent of the federal program funds on administrative costs of the grant, as well as a minimum of 20 percent of total grant funds on primary prevention programs for people who do not require treatment.
The Authority has written procedures in place to ensure it meets earmarking requirements. Authority staff run monthly reports from the agency’s accounting system to track expenditures for these requirements to ensure they are met at the time the grant closes. These reports, along with calculations to monitor these requirements, are maintained in a monthly tracking workbook. Management reviews these workbooks and sends an email to program staff to document the review.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls and did not comply with earmarking requirements for the program. The prior finding numbers were 2022-068 and 2021-056.
Description of Condition
The Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
We used a non-statistical sampling method to randomly select and examine 10 monthly tracking workbooks out of a total population of 45. We found that for six of the samples (60 percent), the workbooks were completed, but were missing the manager email confirming that they had been reviewed to ensure the tracking was being correctly calculated and monitored.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
The Authority implemented new procedures to ensure tracking workbooks were reviewed monthly by management. However, written documentation of this review was not maintained.
Effect of Condition
By not establishing adequate internal controls, the Authority cannot ensure it meets earmarking requirements.
Recommendation
We recommend the Authority improve internal controls to ensure that management review is documented and retained.
Authority’s Response
The Authority concurs with the finding. However, the Authority does not concur that the condition identified by the auditor posed a material risk to the program. Tracking workbooks were completed and reviewed throughout the entire fiscal year, however documentation of review was not maintained until December. Beginning December 2022, documentation of review was available for the remainder of the fiscal year. Any potential material noncompliance should have been detected.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-086 The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002,6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-069
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, including about $58 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Authority is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
A subaward identification form, which contains all the required reporting information, is included when the Authority creates a new SABG subaward or amendment. After it is signed by all parties, contract unit staff sends the subaward identification form through email to the behavioral health unit. Behavioral health staff review these emails and complete the report as required. There were 85 SABG subawards and amendments that were required to be reported in fiscal year 2023, totaling $45,362,623.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SABG program. The prior finding numbers were 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $45.4 million of program funds that it awarded to subrecipients through 85 new and amended subawards for the primary SABG awards. We used a non-statistical sampling method to randomly select and examine 14 of the 85 subawards and amendments, and found that four (29 percent), totaling $1.45 million, were not reported in FSRS.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority is in the process of developing written procedures to ensure the reports are submitted as required, but they were not fully implemented during the audit period.
For the subawards not reported, the contract unit did not send the subaward identification form to the behavioral health staff, so the subawards were not reported in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Establish policies and procedures for filing required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information so future reports are submitted completely and timely
Authority’s Response
HCA concurs with the findings. HCA did not have an established process to ensure that HCA’s Federal Financial Reporting section received executed subawards for FFATA reporting from HCA’s Office of Contracts and Procurement for the entirety of fiscal year 2023. The process was established in July 2022 and is currently operational. However, some subawards with a July 1 start date had been executed in the prior fiscal year before the process was established.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
2023-087 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-066
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG) program. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal SABG funds. Of this amount, the Authority passed about $58 million to 126 SABG subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Authority did not have adequate controls over and did not comply with requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding number was 2022-066.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority did not have written policies or procedures over its process for tracking subrecipients’ single audits. Furthermore, the Authority chose not to provide the tracking workbooks that we requested so we could develop and complete our compliance tests with the federal requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As stated above, Authority management chose not to provide documentation to demonstrate that the agency was compliant with federal requirements.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings.
In addition, because the Authority chose to not provide documentation needed for testing, we were unable to determine if it was compliant with federal regulations.
Recommendations
We recommend the Authority:
• Establish and follow policies and procedures to ensure subrecipients obtain required single audits
• Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the SABG program
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Provide requested documentation to auditors
Authority’s Response
Authority concurs that it needs to improve internal controls and did not fully comply federal requirements relating to single audit tracking. HCA does not concur with the other conditions noted.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
2023-011 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-34801-20-55-A-53
AA-36352-21-55-A-53
AA-38562-22-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers, and youth. In fiscal year 2023, the Department spent about $69.7 million in WIOA federal funding, including about $65 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 20 WIOA subawards and amendments that were required to be reported in fiscal year 2023, totaling $52,126,097.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act for the WIOA grant.
The Department does not have written procedures over this reporting process. During the audit period, Department officials said that management reviews the reports to ensure they are accurate and submitted timely. However, there was no documentation to demonstrate the reviews occurred.
During the audit period, the Department was required to report 20 subawards totaling about $52 million of program funds that was awarded to 12 subrecipients. We used a non-statistical sampling method to randomly select and examine seven out of the total population of 20 subawards. We found:
• Two out of seven subawards (29 percent), totaling $94,618, were not reported in FSRS.
• The other five subawards (71 percent), totaling $23,067,323, had the incorrect subaward obligation/action dates, and we were unable to determine if they were submitted timely.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have procedures in place to ensure management’s review was documented and effective, reports were retained when submitted, and FSRS login credentials were retained with staff changes. The manager responsible for reviewing this report is no longer with the Department. This person was the only staff with FSRS login credentials for the subawards we tested, so other Department officials were not able to log into the system to see when the subawards were submitted.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports timely and accurately
• Establish policies and procedures for filing reports
• Provide training for employees who prepare the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has implemented procedures to ensure reports are submitted timely, reviewed and submission dates are documented. Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-011 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-34801-20-55-A-53
AA-36352-21-55-A-53
AA-38562-22-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers, and youth. In fiscal year 2023, the Department spent about $69.7 million in WIOA federal funding, including about $65 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 20 WIOA subawards and amendments that were required to be reported in fiscal year 2023, totaling $52,126,097.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act for the WIOA grant.
The Department does not have written procedures over this reporting process. During the audit period, Department officials said that management reviews the reports to ensure they are accurate and submitted timely. However, there was no documentation to demonstrate the reviews occurred.
During the audit period, the Department was required to report 20 subawards totaling about $52 million of program funds that was awarded to 12 subrecipients. We used a non-statistical sampling method to randomly select and examine seven out of the total population of 20 subawards. We found:
• Two out of seven subawards (29 percent), totaling $94,618, were not reported in FSRS.
• The other five subawards (71 percent), totaling $23,067,323, had the incorrect subaward obligation/action dates, and we were unable to determine if they were submitted timely.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have procedures in place to ensure management’s review was documented and effective, reports were retained when submitted, and FSRS login credentials were retained with staff changes. The manager responsible for reviewing this report is no longer with the Department. This person was the only staff with FSRS login credentials for the subawards we tested, so other Department officials were not able to log into the system to see when the subawards were submitted.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports timely and accurately
• Establish policies and procedures for filing reports
• Provide training for employees who prepare the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has implemented procedures to ensure reports are submitted timely, reviewed and submission dates are documented. Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-011 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-34801-20-55-A-53
AA-36352-21-55-A-53
AA-38562-22-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers, and youth. In fiscal year 2023, the Department spent about $69.7 million in WIOA federal funding, including about $65 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 20 WIOA subawards and amendments that were required to be reported in fiscal year 2023, totaling $52,126,097.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act for the WIOA grant.
The Department does not have written procedures over this reporting process. During the audit period, Department officials said that management reviews the reports to ensure they are accurate and submitted timely. However, there was no documentation to demonstrate the reviews occurred.
During the audit period, the Department was required to report 20 subawards totaling about $52 million of program funds that was awarded to 12 subrecipients. We used a non-statistical sampling method to randomly select and examine seven out of the total population of 20 subawards. We found:
• Two out of seven subawards (29 percent), totaling $94,618, were not reported in FSRS.
• The other five subawards (71 percent), totaling $23,067,323, had the incorrect subaward obligation/action dates, and we were unable to determine if they were submitted timely.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have procedures in place to ensure management’s review was documented and effective, reports were retained when submitted, and FSRS login credentials were retained with staff changes. The manager responsible for reviewing this report is no longer with the Department. This person was the only staff with FSRS login credentials for the subawards we tested, so other Department officials were not able to log into the system to see when the subawards were submitted.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports timely and accurately
• Establish policies and procedures for filing reports
• Provide training for employees who prepare the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has implemented procedures to ensure reports are submitted timely, reviewed and submission dates are documented. Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-011 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-34801-20-55-A-53
AA-36352-21-55-A-53
AA-38562-22-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers, and youth. In fiscal year 2023, the Department spent about $69.7 million in WIOA federal funding, including about $65 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 20 WIOA subawards and amendments that were required to be reported in fiscal year 2023, totaling $52,126,097.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act for the WIOA grant.
The Department does not have written procedures over this reporting process. During the audit period, Department officials said that management reviews the reports to ensure they are accurate and submitted timely. However, there was no documentation to demonstrate the reviews occurred.
During the audit period, the Department was required to report 20 subawards totaling about $52 million of program funds that was awarded to 12 subrecipients. We used a non-statistical sampling method to randomly select and examine seven out of the total population of 20 subawards. We found:
• Two out of seven subawards (29 percent), totaling $94,618, were not reported in FSRS.
• The other five subawards (71 percent), totaling $23,067,323, had the incorrect subaward obligation/action dates, and we were unable to determine if they were submitted timely.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have procedures in place to ensure management’s review was documented and effective, reports were retained when submitted, and FSRS login credentials were retained with staff changes. The manager responsible for reviewing this report is no longer with the Department. This person was the only staff with FSRS login credentials for the subawards we tested, so other Department officials were not able to log into the system to see when the subawards were submitted.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports timely and accurately
• Establish policies and procedures for filing reports
• Provide training for employees who prepare the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has implemented procedures to ensure reports are submitted timely, reviewed and submission dates are documented. Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-034 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education–Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074-20A; H027A210074-21A; H027A220074–21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: $378,206
Prior Year Audit Finding: Yes, Finding 2022-025
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and passed about $278 million of that funding through to LEAs and educational service districts.
IDEA, Part B identifies the amount of funds the Office must distribute to its LEAs on a formula basis, as well as the amount it can set aside for administration and other state-level activities. The Office was awarded $8,433,118 for the fiscal year 2021 IDEA Preschool Grant. From this award, $2,222,340 was earmarked to be spent on state-level activities. This is split between administrative costs of up to $444,468 and other state-level activities for the remaining amount.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the program. The prior finding number was 2022-025.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the program.
During the audit period, the Office did not accurately track expenditures for administration and other state-level activities. For the life of the grant, the Office spent $2,600,340 on other state-level activities, which exceeded the maximum by $378,206. As a result, we are questioning the $378,206 as unallowable state-level costs.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Although management were aware of the required earmarks, the Office did not address identified variances in the spending plan for them. This was due in part to staff changes within the program that led to inconsistencies in tracking expenditures of the earmarked funds.
Effect of Condition and Questioned Costs
Without adequate internal controls, the Office cannot ensure that it meets the grant’s earmarking requirements. By not complying with the grant’s earmarking requirements, the Office improperly spent $378,206 on activities that exceeded the allowable earmarked amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Office:
• Improve internal controls to ensure it does not exceed the maximum allowable amounts that are earmarked for administration and other state-level activities
• Consult with the federal grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. When special education fiscal leadership transitioned in 2021, the incoming director identified necessary changes in agency procedures for closing out the fiscal year for special education. Since that time, the following internal controls have been fully implemented to ensure spending plans do not exceed the maximum allowable amounts earmarked for administration and other state-level activities:
1. At the beginning of the fiscal year, the Director of Operations/Budget Analysis meet to review the criteria for spending plans.
2. Copies of GAN and Grants to States Summary Table and Preschool Grants to States Summary Table are shared with the Budget Analysis.
3. Director of Operations/Budget Analysis meet to review the GAN and Grants to States Summary Table and Preschool Grants to States Summary Table.
4. Director of Operations/Budget Analysis meet to review spending plan and update the maximum allowable amounts earmarked for administration and other state-level activities in the spending plan.
5. Maximum allowable amounts earmarked for administration and other state-level activities are reviewed throughout the fiscal year.
6. Director of Operations/Budget Analysis meet weekly to review spending plan.
7. Spending Plan updated as requests are received.
8. Monthly expenditure reports are produced and during weekly meetings, Director of Operations/Budget Analysis review expenditures.
These internal controls have contributed to increased communication and partnership between the Director of Operations/Budget Analysis. With implementing these consistent controls, we can ensure that maximum allowable amounts that are earmarked for administration and other state-level activities will meet compliance.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 34 CFR Part 300, Assistance to States for the Education of Children with Disabilities, states in part:
Section 300.812 Reservation for State activities, states:
a. Each State may reserve not more than the amount described in paragraph (b) of this section for administration and other State-level activities in accordance with §§ 300.813 and 300.814.
b. For each fiscal year, the Secretary determined and reports to the SEA an amount that is 25% of the amount the State received under section 619 of the Act for fiscal year 1997 cumulatively adjusted by the secretary for each succeeding fiscal year by the lesser of –
1. The percentage increase, if any, from the preceding fiscal year in the State’s allocation under section 619 of the Act; or
2. The rate of inflation, as measured by the percentage increase, if any, from the preceding fiscal year in the Consumer Price Index for All Urban Consumers, published by the Bureau of Labor Statistics to the Department of Labor.
Section 300.813 State administration, states:
a. For the purpose of administering section 619 of the Act (including the coordination of activities under Part B with the Act with, and providing technical assistance to, other programs that provide services to children with disabilities), a State may use not more than 20 percent of the maximum amount the State may reserve under § 300.812 for any fiscal year.
b. Funds described in paragraph (a) of this section may also be used for the administration of Part C of the Act.
Section 300.814 Other State-level activities.
Each State must use any funds the State reserves under § 300.812 and does not use for administration under § 300.813 –
a. For support services (including establishing and implementing the mediation process required by section 615€ of the Act), which may benefit children with disabilities younger than three or older than five as long as those services also benefit children with disabilities aged three through five;
b. For direct services for children eligible for services under section 619 of the Act;
c. For activities at the State and local levels to meet the performance goals established by the State under section 612(a)(15) of the Act;
d. To supplement other funds used to develop and implement a statewide coordinated services system designed to improve results for children and families, including children with disabilities and their families, but not more than one percent of the amount received under section 619 of the Act for a fiscal year;
e. To provide early intervention services (which must include an educational component that promotes school readiness and incorporates preliteracy, language, and numeracy skills) in accordance with Part C of the Act to children with disabilities who are eligible for services under section 619 of the Act and who previously received services under Part C of the Act until such children enter, or are eligible under State law to enter, kindergarten; or
f. At the State's discretion, to continue service coordination or case management for families who receive services under Part C of the Act, consistent with § 300.814(e)
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-035 The Office of Superintendent of Public Instruction improperly charged $42,265 to the Special Education Cluster.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education–Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074-20A; H027A210074-21A; H027A220074–21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $42,265
Prior Year Audit Finding: No
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and passed about $278 million of that funding through to LEAs and educational service districts.
IDEA, Part B identified that obligations charged to the fiscal year 2021 Special Education grants must be liquidated within 120 days after the budget period ended on September 30, 2022.
Description of Condition
The Office improperly charged $42,265 to the Special Education Cluster.
We found the Office had adequate internal controls to ensure it materially complied with period of performance requirements. However, we examined two charges that were coded to the fiscal year 2021 Special Education grants after the liquidation period ended. We reviewed the supporting documentation for each expenditure to ensure it was allowable and took place during the period of performance. We found that both charges were recorded after the liquidation period for services and purchases that occurred during the period of performance.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Office staff made accounting adjustments to the fiscal year 2021 IDEA, Part B grants after the liquidation period ended, and did not request a late liquidation from the U.S Department of Education.
Effect of Condition and Questioned Costs
We identified $42,265 in questioned costs that were paid outside the program’s period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Office’s Response
OSPI has established internal controls to address allowable periods for journal vouchers (corrections). The correction cycle will be aligned with federally established liquidation periods. OSPI will communicate the corrective action plan with internal stakeholders to ensure compliance with updated process/procedures.
Internal Control Details:
• Monitor expenditures (through monthly reports) to ensure the agency stays within the allowable set-aside threshold and grant maximum
• Complete expenditure corrections within the grant liquidation period
• Liquidation is done on the last business day of January (or 120 days after the budget period ends)
• Submit late liquidation requests to the appropriate federal point of contact, as needed
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Fiscal Year 2021 Special Education Grant Award, Grant Award Notification, establishes the federal funding period for award numbers H173A200074 and H027A200074 as July 1, 2018, through September 30, 2021.
Title 20 United States Code 1225(b), Section 421(b), General Education Provisions Act, establishes that any funds that are not obligated at the end of the federal funding period shall remain available for obligation for an additional period of 12 months
2023-036 The Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074 – 20A; H027A210074 – 21A; H027A220074 – 21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-026
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specifically designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and it passed about $278 million of that funding through to LEAs and all nine educational service districts (ESDs) in the state.
Federal law requires the Office to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the terms and conditions of the subaward for determining the appropriate amount and type of subrecipient monitoring.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Office did not have adequate internal controls over requirements to perform risk assessments for the program’s subrecipients. The prior finding numbers were 2022-026 and 2021-023.
Description of Condition
The Office did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program. As a result, the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior year audit finding, the Office provided training to ESDs on the new monitoring manual for them. It also updated the ESD contracts to reflect monitoring activities that would start during the 2022–23 school year. Documentation for these monitoring activities is not required to be submitted until February 2024. Since the Office did not plan to review monitoring until March 2024, it did not perform risk assessments of any ESDs that received program funding during the audit period.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Office performs the appropriate amount of monitoring to ensure subrecipients comply with program requirements. Further, without appropriate levels of subrecipient monitoring, the Office cannot have reasonable assurance that federal requirements are being met.
Recommendation
We recommend the Office establish and follow adequate internal controls to ensure it performs the required risk assessments, which would allow management to evaluate the results, monitor subrecipients appropriately, and demonstrate compliance with federal requirements.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. In April 2022, OSPI Special Education division revised and expended the form package that Educational Service Districts (ESDs) need to submit as part of year-end reporting. Additionally, ESDs are required to respond to a services of questions and provide applicable documentation for contracts and procurement, time and effort process and reports, documentation for professional development expenditures, and year-end expenditure reports.
Based on the results from monitoring activities over year-end reporting, ESDs will be selected for additional monitoring and may be subject to an onsite visit if deemed necessary.
In March 2023 the Special Education Office finalized the Fiscal Monitoring Procedures Handbook for ESDs. The following timeline has been developed for full implementation of the corrective actions:
• ESDs are required to upload documentation by February 1, 2024.
• The Special Education Office will complete reviews of submitted documents and issue reports to ESDs by February 2024. Reports will identify any required of recommended corrective actions.
• The Special Education Office will issue final reports to ESDs within 60 calendar days after documentation review by March 2024.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-034 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education–Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074-20A; H027A210074-21A; H027A220074–21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: $378,206
Prior Year Audit Finding: Yes, Finding 2022-025
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and passed about $278 million of that funding through to LEAs and educational service districts.
IDEA, Part B identifies the amount of funds the Office must distribute to its LEAs on a formula basis, as well as the amount it can set aside for administration and other state-level activities. The Office was awarded $8,433,118 for the fiscal year 2021 IDEA Preschool Grant. From this award, $2,222,340 was earmarked to be spent on state-level activities. This is split between administrative costs of up to $444,468 and other state-level activities for the remaining amount.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the program. The prior finding number was 2022-025.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the program.
During the audit period, the Office did not accurately track expenditures for administration and other state-level activities. For the life of the grant, the Office spent $2,600,340 on other state-level activities, which exceeded the maximum by $378,206. As a result, we are questioning the $378,206 as unallowable state-level costs.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Although management were aware of the required earmarks, the Office did not address identified variances in the spending plan for them. This was due in part to staff changes within the program that led to inconsistencies in tracking expenditures of the earmarked funds.
Effect of Condition and Questioned Costs
Without adequate internal controls, the Office cannot ensure that it meets the grant’s earmarking requirements. By not complying with the grant’s earmarking requirements, the Office improperly spent $378,206 on activities that exceeded the allowable earmarked amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Office:
• Improve internal controls to ensure it does not exceed the maximum allowable amounts that are earmarked for administration and other state-level activities
• Consult with the federal grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. When special education fiscal leadership transitioned in 2021, the incoming director identified necessary changes in agency procedures for closing out the fiscal year for special education. Since that time, the following internal controls have been fully implemented to ensure spending plans do not exceed the maximum allowable amounts earmarked for administration and other state-level activities:
1. At the beginning of the fiscal year, the Director of Operations/Budget Analysis meet to review the criteria for spending plans.
2. Copies of GAN and Grants to States Summary Table and Preschool Grants to States Summary Table are shared with the Budget Analysis.
3. Director of Operations/Budget Analysis meet to review the GAN and Grants to States Summary Table and Preschool Grants to States Summary Table.
4. Director of Operations/Budget Analysis meet to review spending plan and update the maximum allowable amounts earmarked for administration and other state-level activities in the spending plan.
5. Maximum allowable amounts earmarked for administration and other state-level activities are reviewed throughout the fiscal year.
6. Director of Operations/Budget Analysis meet weekly to review spending plan.
7. Spending Plan updated as requests are received.
8. Monthly expenditure reports are produced and during weekly meetings, Director of Operations/Budget Analysis review expenditures.
These internal controls have contributed to increased communication and partnership between the Director of Operations/Budget Analysis. With implementing these consistent controls, we can ensure that maximum allowable amounts that are earmarked for administration and other state-level activities will meet compliance.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 34 CFR Part 300, Assistance to States for the Education of Children with Disabilities, states in part:
Section 300.812 Reservation for State activities, states:
a. Each State may reserve not more than the amount described in paragraph (b) of this section for administration and other State-level activities in accordance with §§ 300.813 and 300.814.
b. For each fiscal year, the Secretary determined and reports to the SEA an amount that is 25% of the amount the State received under section 619 of the Act for fiscal year 1997 cumulatively adjusted by the secretary for each succeeding fiscal year by the lesser of –
1. The percentage increase, if any, from the preceding fiscal year in the State’s allocation under section 619 of the Act; or
2. The rate of inflation, as measured by the percentage increase, if any, from the preceding fiscal year in the Consumer Price Index for All Urban Consumers, published by the Bureau of Labor Statistics to the Department of Labor.
Section 300.813 State administration, states:
a. For the purpose of administering section 619 of the Act (including the coordination of activities under Part B with the Act with, and providing technical assistance to, other programs that provide services to children with disabilities), a State may use not more than 20 percent of the maximum amount the State may reserve under § 300.812 for any fiscal year.
b. Funds described in paragraph (a) of this section may also be used for the administration of Part C of the Act.
Section 300.814 Other State-level activities.
Each State must use any funds the State reserves under § 300.812 and does not use for administration under § 300.813 –
a. For support services (including establishing and implementing the mediation process required by section 615€ of the Act), which may benefit children with disabilities younger than three or older than five as long as those services also benefit children with disabilities aged three through five;
b. For direct services for children eligible for services under section 619 of the Act;
c. For activities at the State and local levels to meet the performance goals established by the State under section 612(a)(15) of the Act;
d. To supplement other funds used to develop and implement a statewide coordinated services system designed to improve results for children and families, including children with disabilities and their families, but not more than one percent of the amount received under section 619 of the Act for a fiscal year;
e. To provide early intervention services (which must include an educational component that promotes school readiness and incorporates preliteracy, language, and numeracy skills) in accordance with Part C of the Act to children with disabilities who are eligible for services under section 619 of the Act and who previously received services under Part C of the Act until such children enter, or are eligible under State law to enter, kindergarten; or
f. At the State's discretion, to continue service coordination or case management for families who receive services under Part C of the Act, consistent with § 300.814(e)
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-035 The Office of Superintendent of Public Instruction improperly charged $42,265 to the Special Education Cluster.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education–Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074-20A; H027A210074-21A; H027A220074–21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $42,265
Prior Year Audit Finding: No
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and passed about $278 million of that funding through to LEAs and educational service districts.
IDEA, Part B identified that obligations charged to the fiscal year 2021 Special Education grants must be liquidated within 120 days after the budget period ended on September 30, 2022.
Description of Condition
The Office improperly charged $42,265 to the Special Education Cluster.
We found the Office had adequate internal controls to ensure it materially complied with period of performance requirements. However, we examined two charges that were coded to the fiscal year 2021 Special Education grants after the liquidation period ended. We reviewed the supporting documentation for each expenditure to ensure it was allowable and took place during the period of performance. We found that both charges were recorded after the liquidation period for services and purchases that occurred during the period of performance.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Office staff made accounting adjustments to the fiscal year 2021 IDEA, Part B grants after the liquidation period ended, and did not request a late liquidation from the U.S Department of Education.
Effect of Condition and Questioned Costs
We identified $42,265 in questioned costs that were paid outside the program’s period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Office’s Response
OSPI has established internal controls to address allowable periods for journal vouchers (corrections). The correction cycle will be aligned with federally established liquidation periods. OSPI will communicate the corrective action plan with internal stakeholders to ensure compliance with updated process/procedures.
Internal Control Details:
• Monitor expenditures (through monthly reports) to ensure the agency stays within the allowable set-aside threshold and grant maximum
• Complete expenditure corrections within the grant liquidation period
• Liquidation is done on the last business day of January (or 120 days after the budget period ends)
• Submit late liquidation requests to the appropriate federal point of contact, as needed
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Fiscal Year 2021 Special Education Grant Award, Grant Award Notification, establishes the federal funding period for award numbers H173A200074 and H027A200074 as July 1, 2018, through September 30, 2021.
Title 20 United States Code 1225(b), Section 421(b), General Education Provisions Act, establishes that any funds that are not obligated at the end of the federal funding period shall remain available for obligation for an additional period of 12 months
2023-036 The Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074 – 20A; H027A210074 – 21A; H027A220074 – 21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-026
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specifically designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and it passed about $278 million of that funding through to LEAs and all nine educational service districts (ESDs) in the state.
Federal law requires the Office to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the terms and conditions of the subaward for determining the appropriate amount and type of subrecipient monitoring.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Office did not have adequate internal controls over requirements to perform risk assessments for the program’s subrecipients. The prior finding numbers were 2022-026 and 2021-023.
Description of Condition
The Office did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program. As a result, the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior year audit finding, the Office provided training to ESDs on the new monitoring manual for them. It also updated the ESD contracts to reflect monitoring activities that would start during the 2022–23 school year. Documentation for these monitoring activities is not required to be submitted until February 2024. Since the Office did not plan to review monitoring until March 2024, it did not perform risk assessments of any ESDs that received program funding during the audit period.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Office performs the appropriate amount of monitoring to ensure subrecipients comply with program requirements. Further, without appropriate levels of subrecipient monitoring, the Office cannot have reasonable assurance that federal requirements are being met.
Recommendation
We recommend the Office establish and follow adequate internal controls to ensure it performs the required risk assessments, which would allow management to evaluate the results, monitor subrecipients appropriately, and demonstrate compliance with federal requirements.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. In April 2022, OSPI Special Education division revised and expended the form package that Educational Service Districts (ESDs) need to submit as part of year-end reporting. Additionally, ESDs are required to respond to a services of questions and provide applicable documentation for contracts and procurement, time and effort process and reports, documentation for professional development expenditures, and year-end expenditure reports.
Based on the results from monitoring activities over year-end reporting, ESDs will be selected for additional monitoring and may be subject to an onsite visit if deemed necessary.
In March 2023 the Special Education Office finalized the Fiscal Monitoring Procedures Handbook for ESDs. The following timeline has been developed for full implementation of the corrective actions:
• ESDs are required to upload documentation by February 1, 2024.
• The Special Education Office will complete reviews of submitted documents and issue reports to ESDs by February 2024. Reports will identify any required of recommended corrective actions.
• The Special Education Office will issue final reports to ESDs within 60 calendar days after documentation review by March 2024.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-034 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education–Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074-20A; H027A210074-21A; H027A220074–21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: $378,206
Prior Year Audit Finding: Yes, Finding 2022-025
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and passed about $278 million of that funding through to LEAs and educational service districts.
IDEA, Part B identifies the amount of funds the Office must distribute to its LEAs on a formula basis, as well as the amount it can set aside for administration and other state-level activities. The Office was awarded $8,433,118 for the fiscal year 2021 IDEA Preschool Grant. From this award, $2,222,340 was earmarked to be spent on state-level activities. This is split between administrative costs of up to $444,468 and other state-level activities for the remaining amount.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the program. The prior finding number was 2022-025.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the program.
During the audit period, the Office did not accurately track expenditures for administration and other state-level activities. For the life of the grant, the Office spent $2,600,340 on other state-level activities, which exceeded the maximum by $378,206. As a result, we are questioning the $378,206 as unallowable state-level costs.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Although management were aware of the required earmarks, the Office did not address identified variances in the spending plan for them. This was due in part to staff changes within the program that led to inconsistencies in tracking expenditures of the earmarked funds.
Effect of Condition and Questioned Costs
Without adequate internal controls, the Office cannot ensure that it meets the grant’s earmarking requirements. By not complying with the grant’s earmarking requirements, the Office improperly spent $378,206 on activities that exceeded the allowable earmarked amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Office:
• Improve internal controls to ensure it does not exceed the maximum allowable amounts that are earmarked for administration and other state-level activities
• Consult with the federal grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. When special education fiscal leadership transitioned in 2021, the incoming director identified necessary changes in agency procedures for closing out the fiscal year for special education. Since that time, the following internal controls have been fully implemented to ensure spending plans do not exceed the maximum allowable amounts earmarked for administration and other state-level activities:
1. At the beginning of the fiscal year, the Director of Operations/Budget Analysis meet to review the criteria for spending plans.
2. Copies of GAN and Grants to States Summary Table and Preschool Grants to States Summary Table are shared with the Budget Analysis.
3. Director of Operations/Budget Analysis meet to review the GAN and Grants to States Summary Table and Preschool Grants to States Summary Table.
4. Director of Operations/Budget Analysis meet to review spending plan and update the maximum allowable amounts earmarked for administration and other state-level activities in the spending plan.
5. Maximum allowable amounts earmarked for administration and other state-level activities are reviewed throughout the fiscal year.
6. Director of Operations/Budget Analysis meet weekly to review spending plan.
7. Spending Plan updated as requests are received.
8. Monthly expenditure reports are produced and during weekly meetings, Director of Operations/Budget Analysis review expenditures.
These internal controls have contributed to increased communication and partnership between the Director of Operations/Budget Analysis. With implementing these consistent controls, we can ensure that maximum allowable amounts that are earmarked for administration and other state-level activities will meet compliance.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 34 CFR Part 300, Assistance to States for the Education of Children with Disabilities, states in part:
Section 300.812 Reservation for State activities, states:
a. Each State may reserve not more than the amount described in paragraph (b) of this section for administration and other State-level activities in accordance with §§ 300.813 and 300.814.
b. For each fiscal year, the Secretary determined and reports to the SEA an amount that is 25% of the amount the State received under section 619 of the Act for fiscal year 1997 cumulatively adjusted by the secretary for each succeeding fiscal year by the lesser of –
1. The percentage increase, if any, from the preceding fiscal year in the State’s allocation under section 619 of the Act; or
2. The rate of inflation, as measured by the percentage increase, if any, from the preceding fiscal year in the Consumer Price Index for All Urban Consumers, published by the Bureau of Labor Statistics to the Department of Labor.
Section 300.813 State administration, states:
a. For the purpose of administering section 619 of the Act (including the coordination of activities under Part B with the Act with, and providing technical assistance to, other programs that provide services to children with disabilities), a State may use not more than 20 percent of the maximum amount the State may reserve under § 300.812 for any fiscal year.
b. Funds described in paragraph (a) of this section may also be used for the administration of Part C of the Act.
Section 300.814 Other State-level activities.
Each State must use any funds the State reserves under § 300.812 and does not use for administration under § 300.813 –
a. For support services (including establishing and implementing the mediation process required by section 615€ of the Act), which may benefit children with disabilities younger than three or older than five as long as those services also benefit children with disabilities aged three through five;
b. For direct services for children eligible for services under section 619 of the Act;
c. For activities at the State and local levels to meet the performance goals established by the State under section 612(a)(15) of the Act;
d. To supplement other funds used to develop and implement a statewide coordinated services system designed to improve results for children and families, including children with disabilities and their families, but not more than one percent of the amount received under section 619 of the Act for a fiscal year;
e. To provide early intervention services (which must include an educational component that promotes school readiness and incorporates preliteracy, language, and numeracy skills) in accordance with Part C of the Act to children with disabilities who are eligible for services under section 619 of the Act and who previously received services under Part C of the Act until such children enter, or are eligible under State law to enter, kindergarten; or
f. At the State's discretion, to continue service coordination or case management for families who receive services under Part C of the Act, consistent with § 300.814(e)
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-035 The Office of Superintendent of Public Instruction improperly charged $42,265 to the Special Education Cluster.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education–Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074-20A; H027A210074-21A; H027A220074–21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $42,265
Prior Year Audit Finding: No
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and passed about $278 million of that funding through to LEAs and educational service districts.
IDEA, Part B identified that obligations charged to the fiscal year 2021 Special Education grants must be liquidated within 120 days after the budget period ended on September 30, 2022.
Description of Condition
The Office improperly charged $42,265 to the Special Education Cluster.
We found the Office had adequate internal controls to ensure it materially complied with period of performance requirements. However, we examined two charges that were coded to the fiscal year 2021 Special Education grants after the liquidation period ended. We reviewed the supporting documentation for each expenditure to ensure it was allowable and took place during the period of performance. We found that both charges were recorded after the liquidation period for services and purchases that occurred during the period of performance.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Office staff made accounting adjustments to the fiscal year 2021 IDEA, Part B grants after the liquidation period ended, and did not request a late liquidation from the U.S Department of Education.
Effect of Condition and Questioned Costs
We identified $42,265 in questioned costs that were paid outside the program’s period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Office’s Response
OSPI has established internal controls to address allowable periods for journal vouchers (corrections). The correction cycle will be aligned with federally established liquidation periods. OSPI will communicate the corrective action plan with internal stakeholders to ensure compliance with updated process/procedures.
Internal Control Details:
• Monitor expenditures (through monthly reports) to ensure the agency stays within the allowable set-aside threshold and grant maximum
• Complete expenditure corrections within the grant liquidation period
• Liquidation is done on the last business day of January (or 120 days after the budget period ends)
• Submit late liquidation requests to the appropriate federal point of contact, as needed
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Fiscal Year 2021 Special Education Grant Award, Grant Award Notification, establishes the federal funding period for award numbers H173A200074 and H027A200074 as July 1, 2018, through September 30, 2021.
Title 20 United States Code 1225(b), Section 421(b), General Education Provisions Act, establishes that any funds that are not obligated at the end of the federal funding period shall remain available for obligation for an additional period of 12 months
2023-036 The Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074 – 20A; H027A210074 – 21A; H027A220074 – 21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-026
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specifically designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and it passed about $278 million of that funding through to LEAs and all nine educational service districts (ESDs) in the state.
Federal law requires the Office to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the terms and conditions of the subaward for determining the appropriate amount and type of subrecipient monitoring.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Office did not have adequate internal controls over requirements to perform risk assessments for the program’s subrecipients. The prior finding numbers were 2022-026 and 2021-023.
Description of Condition
The Office did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program. As a result, the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior year audit finding, the Office provided training to ESDs on the new monitoring manual for them. It also updated the ESD contracts to reflect monitoring activities that would start during the 2022–23 school year. Documentation for these monitoring activities is not required to be submitted until February 2024. Since the Office did not plan to review monitoring until March 2024, it did not perform risk assessments of any ESDs that received program funding during the audit period.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Office performs the appropriate amount of monitoring to ensure subrecipients comply with program requirements. Further, without appropriate levels of subrecipient monitoring, the Office cannot have reasonable assurance that federal requirements are being met.
Recommendation
We recommend the Office establish and follow adequate internal controls to ensure it performs the required risk assessments, which would allow management to evaluate the results, monitor subrecipients appropriately, and demonstrate compliance with federal requirements.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. In April 2022, OSPI Special Education division revised and expended the form package that Educational Service Districts (ESDs) need to submit as part of year-end reporting. Additionally, ESDs are required to respond to a services of questions and provide applicable documentation for contracts and procurement, time and effort process and reports, documentation for professional development expenditures, and year-end expenditure reports.
Based on the results from monitoring activities over year-end reporting, ESDs will be selected for additional monitoring and may be subject to an onsite visit if deemed necessary.
In March 2023 the Special Education Office finalized the Fiscal Monitoring Procedures Handbook for ESDs. The following timeline has been developed for full implementation of the corrective actions:
• ESDs are required to upload documentation by February 1, 2024.
• The Special Education Office will complete reviews of submitted documents and issue reports to ESDs by February 2024. Reports will identify any required of recommended corrective actions.
• The Special Education Office will issue final reports to ESDs within 60 calendar days after documentation review by March 2024.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-034 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education–Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074-20A; H027A210074-21A; H027A220074–21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: $378,206
Prior Year Audit Finding: Yes, Finding 2022-025
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and passed about $278 million of that funding through to LEAs and educational service districts.
IDEA, Part B identifies the amount of funds the Office must distribute to its LEAs on a formula basis, as well as the amount it can set aside for administration and other state-level activities. The Office was awarded $8,433,118 for the fiscal year 2021 IDEA Preschool Grant. From this award, $2,222,340 was earmarked to be spent on state-level activities. This is split between administrative costs of up to $444,468 and other state-level activities for the remaining amount.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the program. The prior finding number was 2022-025.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the program.
During the audit period, the Office did not accurately track expenditures for administration and other state-level activities. For the life of the grant, the Office spent $2,600,340 on other state-level activities, which exceeded the maximum by $378,206. As a result, we are questioning the $378,206 as unallowable state-level costs.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Although management were aware of the required earmarks, the Office did not address identified variances in the spending plan for them. This was due in part to staff changes within the program that led to inconsistencies in tracking expenditures of the earmarked funds.
Effect of Condition and Questioned Costs
Without adequate internal controls, the Office cannot ensure that it meets the grant’s earmarking requirements. By not complying with the grant’s earmarking requirements, the Office improperly spent $378,206 on activities that exceeded the allowable earmarked amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Office:
• Improve internal controls to ensure it does not exceed the maximum allowable amounts that are earmarked for administration and other state-level activities
• Consult with the federal grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. When special education fiscal leadership transitioned in 2021, the incoming director identified necessary changes in agency procedures for closing out the fiscal year for special education. Since that time, the following internal controls have been fully implemented to ensure spending plans do not exceed the maximum allowable amounts earmarked for administration and other state-level activities:
1. At the beginning of the fiscal year, the Director of Operations/Budget Analysis meet to review the criteria for spending plans.
2. Copies of GAN and Grants to States Summary Table and Preschool Grants to States Summary Table are shared with the Budget Analysis.
3. Director of Operations/Budget Analysis meet to review the GAN and Grants to States Summary Table and Preschool Grants to States Summary Table.
4. Director of Operations/Budget Analysis meet to review spending plan and update the maximum allowable amounts earmarked for administration and other state-level activities in the spending plan.
5. Maximum allowable amounts earmarked for administration and other state-level activities are reviewed throughout the fiscal year.
6. Director of Operations/Budget Analysis meet weekly to review spending plan.
7. Spending Plan updated as requests are received.
8. Monthly expenditure reports are produced and during weekly meetings, Director of Operations/Budget Analysis review expenditures.
These internal controls have contributed to increased communication and partnership between the Director of Operations/Budget Analysis. With implementing these consistent controls, we can ensure that maximum allowable amounts that are earmarked for administration and other state-level activities will meet compliance.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 34 CFR Part 300, Assistance to States for the Education of Children with Disabilities, states in part:
Section 300.812 Reservation for State activities, states:
a. Each State may reserve not more than the amount described in paragraph (b) of this section for administration and other State-level activities in accordance with §§ 300.813 and 300.814.
b. For each fiscal year, the Secretary determined and reports to the SEA an amount that is 25% of the amount the State received under section 619 of the Act for fiscal year 1997 cumulatively adjusted by the secretary for each succeeding fiscal year by the lesser of –
1. The percentage increase, if any, from the preceding fiscal year in the State’s allocation under section 619 of the Act; or
2. The rate of inflation, as measured by the percentage increase, if any, from the preceding fiscal year in the Consumer Price Index for All Urban Consumers, published by the Bureau of Labor Statistics to the Department of Labor.
Section 300.813 State administration, states:
a. For the purpose of administering section 619 of the Act (including the coordination of activities under Part B with the Act with, and providing technical assistance to, other programs that provide services to children with disabilities), a State may use not more than 20 percent of the maximum amount the State may reserve under § 300.812 for any fiscal year.
b. Funds described in paragraph (a) of this section may also be used for the administration of Part C of the Act.
Section 300.814 Other State-level activities.
Each State must use any funds the State reserves under § 300.812 and does not use for administration under § 300.813 –
a. For support services (including establishing and implementing the mediation process required by section 615€ of the Act), which may benefit children with disabilities younger than three or older than five as long as those services also benefit children with disabilities aged three through five;
b. For direct services for children eligible for services under section 619 of the Act;
c. For activities at the State and local levels to meet the performance goals established by the State under section 612(a)(15) of the Act;
d. To supplement other funds used to develop and implement a statewide coordinated services system designed to improve results for children and families, including children with disabilities and their families, but not more than one percent of the amount received under section 619 of the Act for a fiscal year;
e. To provide early intervention services (which must include an educational component that promotes school readiness and incorporates preliteracy, language, and numeracy skills) in accordance with Part C of the Act to children with disabilities who are eligible for services under section 619 of the Act and who previously received services under Part C of the Act until such children enter, or are eligible under State law to enter, kindergarten; or
f. At the State's discretion, to continue service coordination or case management for families who receive services under Part C of the Act, consistent with § 300.814(e)
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-035 The Office of Superintendent of Public Instruction improperly charged $42,265 to the Special Education Cluster.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education–Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074-20A; H027A210074-21A; H027A220074–21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $42,265
Prior Year Audit Finding: No
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and passed about $278 million of that funding through to LEAs and educational service districts.
IDEA, Part B identified that obligations charged to the fiscal year 2021 Special Education grants must be liquidated within 120 days after the budget period ended on September 30, 2022.
Description of Condition
The Office improperly charged $42,265 to the Special Education Cluster.
We found the Office had adequate internal controls to ensure it materially complied with period of performance requirements. However, we examined two charges that were coded to the fiscal year 2021 Special Education grants after the liquidation period ended. We reviewed the supporting documentation for each expenditure to ensure it was allowable and took place during the period of performance. We found that both charges were recorded after the liquidation period for services and purchases that occurred during the period of performance.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Office staff made accounting adjustments to the fiscal year 2021 IDEA, Part B grants after the liquidation period ended, and did not request a late liquidation from the U.S Department of Education.
Effect of Condition and Questioned Costs
We identified $42,265 in questioned costs that were paid outside the program’s period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Office’s Response
OSPI has established internal controls to address allowable periods for journal vouchers (corrections). The correction cycle will be aligned with federally established liquidation periods. OSPI will communicate the corrective action plan with internal stakeholders to ensure compliance with updated process/procedures.
Internal Control Details:
• Monitor expenditures (through monthly reports) to ensure the agency stays within the allowable set-aside threshold and grant maximum
• Complete expenditure corrections within the grant liquidation period
• Liquidation is done on the last business day of January (or 120 days after the budget period ends)
• Submit late liquidation requests to the appropriate federal point of contact, as needed
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Fiscal Year 2021 Special Education Grant Award, Grant Award Notification, establishes the federal funding period for award numbers H173A200074 and H027A200074 as July 1, 2018, through September 30, 2021.
Title 20 United States Code 1225(b), Section 421(b), General Education Provisions Act, establishes that any funds that are not obligated at the end of the federal funding period shall remain available for obligation for an additional period of 12 months
2023-036 The Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074 – 20A; H027A210074 – 21A; H027A220074 – 21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-026
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specifically designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and it passed about $278 million of that funding through to LEAs and all nine educational service districts (ESDs) in the state.
Federal law requires the Office to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the terms and conditions of the subaward for determining the appropriate amount and type of subrecipient monitoring.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Office did not have adequate internal controls over requirements to perform risk assessments for the program’s subrecipients. The prior finding numbers were 2022-026 and 2021-023.
Description of Condition
The Office did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program. As a result, the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior year audit finding, the Office provided training to ESDs on the new monitoring manual for them. It also updated the ESD contracts to reflect monitoring activities that would start during the 2022–23 school year. Documentation for these monitoring activities is not required to be submitted until February 2024. Since the Office did not plan to review monitoring until March 2024, it did not perform risk assessments of any ESDs that received program funding during the audit period.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Office performs the appropriate amount of monitoring to ensure subrecipients comply with program requirements. Further, without appropriate levels of subrecipient monitoring, the Office cannot have reasonable assurance that federal requirements are being met.
Recommendation
We recommend the Office establish and follow adequate internal controls to ensure it performs the required risk assessments, which would allow management to evaluate the results, monitor subrecipients appropriately, and demonstrate compliance with federal requirements.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. In April 2022, OSPI Special Education division revised and expended the form package that Educational Service Districts (ESDs) need to submit as part of year-end reporting. Additionally, ESDs are required to respond to a services of questions and provide applicable documentation for contracts and procurement, time and effort process and reports, documentation for professional development expenditures, and year-end expenditure reports.
Based on the results from monitoring activities over year-end reporting, ESDs will be selected for additional monitoring and may be subject to an onsite visit if deemed necessary.
In March 2023 the Special Education Office finalized the Fiscal Monitoring Procedures Handbook for ESDs. The following timeline has been developed for full implementation of the corrective actions:
• ESDs are required to upload documentation by February 1, 2024.
• The Special Education Office will complete reviews of submitted documents and issue reports to ESDs by February 2024. Reports will identify any required of recommended corrective actions.
• The Special Education Office will issue final reports to ESDs within 60 calendar days after documentation review by March 2024.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-039 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 area agencies on aging (AAAs).
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as result, reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 93 subawards and amendments totaling $216,486,694 that it was required to report in fiscal year 2023.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not enter the information required for reporting into the tracking spreadsheet when subawards and subaward amendments were executed, and the Department did not report any subawards in FSRS during fiscal year 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had procedures in place to ensure subawards and amendments were reported in FSRS. However, due to management turnover throughout the fiscal year, staff did not enter subawards and amendments into the tracking spreadsheet, and did not report any of the subawards in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it accurately reports all first-tier subawards of $30,000 or more in FSRS by the federal deadlines.
Department’s Response
The Department agrees with the finding.
Due to management and fiscal staff turnover throughout the fiscal year, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts was entered.
By January 31, 2024, FFATA reports for FFY2024 Older Americans Act (OAA) funded contracts, executed in December 2023, will be entered in FSRS to meet the 30-day reporting requirement.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By Feb 1, 2024, the Office Chief or designee will review the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Department will work with the Administration of Community Living to develop a plan to address the FFATA reporting backlog that exists between SFY22-SFY23 for OAA grants to ensure all FFATA reports are entered in FSRS for all previous years by June 30, 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-040 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title, and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipient so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster programs.
We used a non-statistical sampling method to randomly select and examine six of 13 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all six subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity, and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, the Department neglected to communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it has adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by federal law.
Department’s Response
The Department agrees with this finding.
The Department receives Notices of Award (NOA) from the Administration of Community Living 3-4 times per award in partial amounts. To reduce the time and effort it takes to issue subaward amendments to 13 Area Agency on Aging (AAA), the Department decided to post NOAs on the Intranet used to communicate Management Bulletins and other documents to AAAs to make the process more efficient. Unfortunately, the Department did not update subaward language to outline this change in the process.
Effective July 31, 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, will be included for each funding source in the initial subaward as an Exhibit D. Language will be added to the subaward informing Area Agency on Aging that the future NOAs will be posted on the intranet. In addition, the fiscal staff assigned will inform all AAA fiscal staff when new NOAs are posted via e-mail. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-041 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
The Department had processes in place to monitor that subrecipients obtained single audits. To monitor compliance with these requirements, the Department used Excel spreadsheets to track subrecipients’ single audits. During the audit period, however, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due, and did not verify the single audit report had been submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
We used a non-statistical sampling method to randomly select and examine six out of a total population of 13 AAAs, as well as two additional AAAs that were individually significant, to verify whether they had obtained single audits. We found four AAAs did not obtain and submit a single audit by the required deadlines, and there was no evidence that the Department communicated with the AAAs when the reports were late. During our testing, we found three AAAs eventually submitted their single audit reports after the due date. We also found one AAA has not submitted the required single audit report.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Due to management turnover throughout the fiscal year, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendations
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department agrees with the finding.
The Federal Compliance Manager position was vacant from April 2021 to April 2022 and once the position was filled the priority was to catch up on monitoring, reviewing area plans and cost allocations submitted by the Area Agency on Aging (AAA). It was for that reason that tracking whether the Department’s subrecipients obtained and submitted their required single audits was not completed during the audit period. The two AAAs that did not submit single audits were contacted in January 2024 and remediation of the audit exceptions are underway.
Effective March 31, 2024, the Single Monitor Tracking Sheet will be updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, and when a management letter is sent and the AAA responses.
By July 1, 2024, a reminder process will be implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in Tracker.
The AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-039 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 area agencies on aging (AAAs).
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as result, reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 93 subawards and amendments totaling $216,486,694 that it was required to report in fiscal year 2023.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not enter the information required for reporting into the tracking spreadsheet when subawards and subaward amendments were executed, and the Department did not report any subawards in FSRS during fiscal year 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had procedures in place to ensure subawards and amendments were reported in FSRS. However, due to management turnover throughout the fiscal year, staff did not enter subawards and amendments into the tracking spreadsheet, and did not report any of the subawards in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it accurately reports all first-tier subawards of $30,000 or more in FSRS by the federal deadlines.
Department’s Response
The Department agrees with the finding.
Due to management and fiscal staff turnover throughout the fiscal year, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts was entered.
By January 31, 2024, FFATA reports for FFY2024 Older Americans Act (OAA) funded contracts, executed in December 2023, will be entered in FSRS to meet the 30-day reporting requirement.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By Feb 1, 2024, the Office Chief or designee will review the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Department will work with the Administration of Community Living to develop a plan to address the FFATA reporting backlog that exists between SFY22-SFY23 for OAA grants to ensure all FFATA reports are entered in FSRS for all previous years by June 30, 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-040 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title, and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipient so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster programs.
We used a non-statistical sampling method to randomly select and examine six of 13 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all six subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity, and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, the Department neglected to communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it has adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by federal law.
Department’s Response
The Department agrees with this finding.
The Department receives Notices of Award (NOA) from the Administration of Community Living 3-4 times per award in partial amounts. To reduce the time and effort it takes to issue subaward amendments to 13 Area Agency on Aging (AAA), the Department decided to post NOAs on the Intranet used to communicate Management Bulletins and other documents to AAAs to make the process more efficient. Unfortunately, the Department did not update subaward language to outline this change in the process.
Effective July 31, 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, will be included for each funding source in the initial subaward as an Exhibit D. Language will be added to the subaward informing Area Agency on Aging that the future NOAs will be posted on the intranet. In addition, the fiscal staff assigned will inform all AAA fiscal staff when new NOAs are posted via e-mail. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-041 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
The Department had processes in place to monitor that subrecipients obtained single audits. To monitor compliance with these requirements, the Department used Excel spreadsheets to track subrecipients’ single audits. During the audit period, however, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due, and did not verify the single audit report had been submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
We used a non-statistical sampling method to randomly select and examine six out of a total population of 13 AAAs, as well as two additional AAAs that were individually significant, to verify whether they had obtained single audits. We found four AAAs did not obtain and submit a single audit by the required deadlines, and there was no evidence that the Department communicated with the AAAs when the reports were late. During our testing, we found three AAAs eventually submitted their single audit reports after the due date. We also found one AAA has not submitted the required single audit report.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Due to management turnover throughout the fiscal year, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendations
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department agrees with the finding.
The Federal Compliance Manager position was vacant from April 2021 to April 2022 and once the position was filled the priority was to catch up on monitoring, reviewing area plans and cost allocations submitted by the Area Agency on Aging (AAA). It was for that reason that tracking whether the Department’s subrecipients obtained and submitted their required single audits was not completed during the audit period. The two AAAs that did not submit single audits were contacted in January 2024 and remediation of the audit exceptions are underway.
Effective March 31, 2024, the Single Monitor Tracking Sheet will be updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, and when a management letter is sent and the AAA responses.
By July 1, 2024, a reminder process will be implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in Tracker.
The AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-039 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 area agencies on aging (AAAs).
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as result, reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 93 subawards and amendments totaling $216,486,694 that it was required to report in fiscal year 2023.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not enter the information required for reporting into the tracking spreadsheet when subawards and subaward amendments were executed, and the Department did not report any subawards in FSRS during fiscal year 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had procedures in place to ensure subawards and amendments were reported in FSRS. However, due to management turnover throughout the fiscal year, staff did not enter subawards and amendments into the tracking spreadsheet, and did not report any of the subawards in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it accurately reports all first-tier subawards of $30,000 or more in FSRS by the federal deadlines.
Department’s Response
The Department agrees with the finding.
Due to management and fiscal staff turnover throughout the fiscal year, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts was entered.
By January 31, 2024, FFATA reports for FFY2024 Older Americans Act (OAA) funded contracts, executed in December 2023, will be entered in FSRS to meet the 30-day reporting requirement.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By Feb 1, 2024, the Office Chief or designee will review the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Department will work with the Administration of Community Living to develop a plan to address the FFATA reporting backlog that exists between SFY22-SFY23 for OAA grants to ensure all FFATA reports are entered in FSRS for all previous years by June 30, 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-040 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title, and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipient so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster programs.
We used a non-statistical sampling method to randomly select and examine six of 13 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all six subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity, and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, the Department neglected to communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it has adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by federal law.
Department’s Response
The Department agrees with this finding.
The Department receives Notices of Award (NOA) from the Administration of Community Living 3-4 times per award in partial amounts. To reduce the time and effort it takes to issue subaward amendments to 13 Area Agency on Aging (AAA), the Department decided to post NOAs on the Intranet used to communicate Management Bulletins and other documents to AAAs to make the process more efficient. Unfortunately, the Department did not update subaward language to outline this change in the process.
Effective July 31, 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, will be included for each funding source in the initial subaward as an Exhibit D. Language will be added to the subaward informing Area Agency on Aging that the future NOAs will be posted on the intranet. In addition, the fiscal staff assigned will inform all AAA fiscal staff when new NOAs are posted via e-mail. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-041 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
The Department had processes in place to monitor that subrecipients obtained single audits. To monitor compliance with these requirements, the Department used Excel spreadsheets to track subrecipients’ single audits. During the audit period, however, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due, and did not verify the single audit report had been submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
We used a non-statistical sampling method to randomly select and examine six out of a total population of 13 AAAs, as well as two additional AAAs that were individually significant, to verify whether they had obtained single audits. We found four AAAs did not obtain and submit a single audit by the required deadlines, and there was no evidence that the Department communicated with the AAAs when the reports were late. During our testing, we found three AAAs eventually submitted their single audit reports after the due date. We also found one AAA has not submitted the required single audit report.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Due to management turnover throughout the fiscal year, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendations
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department agrees with the finding.
The Federal Compliance Manager position was vacant from April 2021 to April 2022 and once the position was filled the priority was to catch up on monitoring, reviewing area plans and cost allocations submitted by the Area Agency on Aging (AAA). It was for that reason that tracking whether the Department’s subrecipients obtained and submitted their required single audits was not completed during the audit period. The two AAAs that did not submit single audits were contacted in January 2024 and remediation of the audit exceptions are underway.
Effective March 31, 2024, the Single Monitor Tracking Sheet will be updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, and when a management letter is sent and the AAA responses.
By July 1, 2024, a reminder process will be implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in Tracker.
The AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-039 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 area agencies on aging (AAAs).
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as result, reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 93 subawards and amendments totaling $216,486,694 that it was required to report in fiscal year 2023.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not enter the information required for reporting into the tracking spreadsheet when subawards and subaward amendments were executed, and the Department did not report any subawards in FSRS during fiscal year 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had procedures in place to ensure subawards and amendments were reported in FSRS. However, due to management turnover throughout the fiscal year, staff did not enter subawards and amendments into the tracking spreadsheet, and did not report any of the subawards in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it accurately reports all first-tier subawards of $30,000 or more in FSRS by the federal deadlines.
Department’s Response
The Department agrees with the finding.
Due to management and fiscal staff turnover throughout the fiscal year, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts was entered.
By January 31, 2024, FFATA reports for FFY2024 Older Americans Act (OAA) funded contracts, executed in December 2023, will be entered in FSRS to meet the 30-day reporting requirement.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By Feb 1, 2024, the Office Chief or designee will review the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Department will work with the Administration of Community Living to develop a plan to address the FFATA reporting backlog that exists between SFY22-SFY23 for OAA grants to ensure all FFATA reports are entered in FSRS for all previous years by June 30, 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-040 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title, and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipient so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster programs.
We used a non-statistical sampling method to randomly select and examine six of 13 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all six subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity, and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, the Department neglected to communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it has adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by federal law.
Department’s Response
The Department agrees with this finding.
The Department receives Notices of Award (NOA) from the Administration of Community Living 3-4 times per award in partial amounts. To reduce the time and effort it takes to issue subaward amendments to 13 Area Agency on Aging (AAA), the Department decided to post NOAs on the Intranet used to communicate Management Bulletins and other documents to AAAs to make the process more efficient. Unfortunately, the Department did not update subaward language to outline this change in the process.
Effective July 31, 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, will be included for each funding source in the initial subaward as an Exhibit D. Language will be added to the subaward informing Area Agency on Aging that the future NOAs will be posted on the intranet. In addition, the fiscal staff assigned will inform all AAA fiscal staff when new NOAs are posted via e-mail. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-041 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
The Department had processes in place to monitor that subrecipients obtained single audits. To monitor compliance with these requirements, the Department used Excel spreadsheets to track subrecipients’ single audits. During the audit period, however, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due, and did not verify the single audit report had been submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
We used a non-statistical sampling method to randomly select and examine six out of a total population of 13 AAAs, as well as two additional AAAs that were individually significant, to verify whether they had obtained single audits. We found four AAAs did not obtain and submit a single audit by the required deadlines, and there was no evidence that the Department communicated with the AAAs when the reports were late. During our testing, we found three AAAs eventually submitted their single audit reports after the due date. We also found one AAA has not submitted the required single audit report.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Due to management turnover throughout the fiscal year, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendations
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department agrees with the finding.
The Federal Compliance Manager position was vacant from April 2021 to April 2022 and once the position was filled the priority was to catch up on monitoring, reviewing area plans and cost allocations submitted by the Area Agency on Aging (AAA). It was for that reason that tracking whether the Department’s subrecipients obtained and submitted their required single audits was not completed during the audit period. The two AAAs that did not submit single audits were contacted in January 2024 and remediation of the audit exceptions are underway.
Effective March 31, 2024, the Single Monitor Tracking Sheet will be updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, and when a management letter is sent and the AAA responses.
By July 1, 2024, a reminder process will be implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in Tracker.
The AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-039 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 area agencies on aging (AAAs).
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as result, reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 93 subawards and amendments totaling $216,486,694 that it was required to report in fiscal year 2023.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not enter the information required for reporting into the tracking spreadsheet when subawards and subaward amendments were executed, and the Department did not report any subawards in FSRS during fiscal year 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had procedures in place to ensure subawards and amendments were reported in FSRS. However, due to management turnover throughout the fiscal year, staff did not enter subawards and amendments into the tracking spreadsheet, and did not report any of the subawards in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it accurately reports all first-tier subawards of $30,000 or more in FSRS by the federal deadlines.
Department’s Response
The Department agrees with the finding.
Due to management and fiscal staff turnover throughout the fiscal year, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts was entered.
By January 31, 2024, FFATA reports for FFY2024 Older Americans Act (OAA) funded contracts, executed in December 2023, will be entered in FSRS to meet the 30-day reporting requirement.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By Feb 1, 2024, the Office Chief or designee will review the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Department will work with the Administration of Community Living to develop a plan to address the FFATA reporting backlog that exists between SFY22-SFY23 for OAA grants to ensure all FFATA reports are entered in FSRS for all previous years by June 30, 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-040 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title, and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipient so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster programs.
We used a non-statistical sampling method to randomly select and examine six of 13 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all six subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity, and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, the Department neglected to communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it has adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by federal law.
Department’s Response
The Department agrees with this finding.
The Department receives Notices of Award (NOA) from the Administration of Community Living 3-4 times per award in partial amounts. To reduce the time and effort it takes to issue subaward amendments to 13 Area Agency on Aging (AAA), the Department decided to post NOAs on the Intranet used to communicate Management Bulletins and other documents to AAAs to make the process more efficient. Unfortunately, the Department did not update subaward language to outline this change in the process.
Effective July 31, 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, will be included for each funding source in the initial subaward as an Exhibit D. Language will be added to the subaward informing Area Agency on Aging that the future NOAs will be posted on the intranet. In addition, the fiscal staff assigned will inform all AAA fiscal staff when new NOAs are posted via e-mail. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-041 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
The Department had processes in place to monitor that subrecipients obtained single audits. To monitor compliance with these requirements, the Department used Excel spreadsheets to track subrecipients’ single audits. During the audit period, however, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due, and did not verify the single audit report had been submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
We used a non-statistical sampling method to randomly select and examine six out of a total population of 13 AAAs, as well as two additional AAAs that were individually significant, to verify whether they had obtained single audits. We found four AAAs did not obtain and submit a single audit by the required deadlines, and there was no evidence that the Department communicated with the AAAs when the reports were late. During our testing, we found three AAAs eventually submitted their single audit reports after the due date. We also found one AAA has not submitted the required single audit report.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Due to management turnover throughout the fiscal year, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendations
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department agrees with the finding.
The Federal Compliance Manager position was vacant from April 2021 to April 2022 and once the position was filled the priority was to catch up on monitoring, reviewing area plans and cost allocations submitted by the Area Agency on Aging (AAA). It was for that reason that tracking whether the Department’s subrecipients obtained and submitted their required single audits was not completed during the audit period. The two AAAs that did not submit single audits were contacted in January 2024 and remediation of the audit exceptions are underway.
Effective March 31, 2024, the Single Monitor Tracking Sheet will be updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, and when a management letter is sent and the AAA responses.
By July 1, 2024, a reminder process will be implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in Tracker.
The AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $356,042,172
Prior Year Audit Finding: Yes, Finding 2022-041
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2023, the Department spent more than $356 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes, and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple CCDF federal grant awards, and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2022-041, 2021-033, 2020-038, 2019-035, 2018–034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8–13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments with federal CCDF funds in the audit period was $356,042,172. The Department also partially funded these payments with an additional $48,941,302 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $356,042,172 in federal program costs the Department incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with client eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-036
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2023, the Department spent more than $356 million in CCDF and $107.3 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of
July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60 percent of the state median income at application or 65 percent of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and hourly wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a client is eligible for one year unless a change in income causes the client to exceed 65 percent of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 11 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over and did not comply with client eligibility requirements for CCDF and TANF.
During the audit period, the Department determined 61,140 children were eligible for child care. We used a statistical sampling method to randomly select and examine 59 of these determinations. In three instances (5.1 percent), we found the Department made eligibility determinations improperly, or did not verify information before authorizing services. Specifically, we found:
• One case (1.7 percent) where the Department had incorrectly determined household composition and did not obtain sufficient data for all parents in the household to make an accurate eligibility determination.
• Two cases (3.4 percent) where the Department did not follow procedure for verifying the approved activity, which led to an incorrect eligibility determination.
Though the Department has established internal controls, they were insufficient for ensuring material compliance with client eligibility requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department staff made eligibility determinations without obtaining sufficient supporting documentation to ensure households were eligible to receive assistance. This deviated from the standard policies and procedures the Department has established, and management did not monitor sufficiently to ensure staff made proper eligibility determinations.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendations
We recommend the Department improve its internal controls over determining client eligibility to ensure it:
• Reviews eligibility determinations sufficiently to detect improper eligibility determinations
• Reviews sufficient support for household composition information for accuracy
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective. Further, we appreciate SAO’s work with us over the several past years to strengthen internal controls for eligibility through the auditing process. The Statewide Single Audit (SWSA) is an important tool in the Department’s continuous quality improvement efforts and together with the Department’s internal controls has helped reduce the audit exceptions to three with zero questioned costs.
The Department continues to access data across available state systems to confirm information, including household composition provided by clients. Unfortunately, there is no household composition verification system, and information provided to other state agencies is often provided by client self-attestation. The Department continues to balance verification requirements with providing timely benefit decisions to support family access to high quality child care. Additionally, the Department is being intentional in updating our learning resources for eligibility staff. Information from this and future audits will be used to update training. The Department will continue our internal control and quality improvement efforts and activities to build and maintain our eligibility case accuracy.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code (WAC) 110-15-0015 – Determining family size, states in part:
1. DCYF determines a consumer’s family size as follows:
a. For a single parent, including a minor parent living independently, DCYF counts the consumer and the consumer’s children;
b. For unmarried parents who have at least one mutual child, DCYF counts both parents and all of their children living in the household;
c. Unmarried parents who have no mutual children are counted as separate WCCC households, the unmarried parents and their respective children living in the household;
d. For married parents, DCYF counts both parents and all of their children living in the household;
e. For parents who are undocumented aliens as defined in WAC 388-424-0001, DCYF counts the parents and children, documented and undocumented, and all other family rules in this section apply. Children needing care must meet citizenship requirements described in WAC 110-15-0005;
f. For a legal guardian verified by a legal or court document, adult sibling or step-sibling, nephew, niece, aunt, uncle, grandparent, any of these relatives with the prefix “great,” such as a “great-nephew,” or an in loco parentis custodian who is not related to the child as described in WAC 110-15-0005, DCYF counts only the children and only the children’s income is counted;
g. For a parent who is out of the household because of employer requirements, such as training or military service, and expected to return to the household, DCYF counts the consumer, the absent parent, and the children;
h. For a parent who is voluntarily out of the household for reasons other than requirements of the employer, such as unapproved schooling and visiting family members, and is expected to return to the household, DCYF counts the consumer, the absent parent, and the children. WAC 110-15-0020 and all other family and household rules in this section apply;
i. For a parent who is out of the country and waiting for legal reentry in to the United States, DCYF counts only the consumer and children residing in the United States and all other family and household rules in this section apply;
j. An incarcerated parent is not part of the household count for determining income and eligibility. DCYF counts the remaining household members using all other family rules in this section; and
k. For a parent incarcerated at a Washington state correctional facility whose child lives with them at the facility, DCYF counts the parent and child as their own household.
2. When the household consists of the consumer’s own child and another child identified in subsection (1)(f) of this section, the household may be combined into one household or kept as distinct households for the benefit of the consumer.
WAC 110-15-0040 – Approved activities for applicants and consumers participating in WorkFirst, states:
1. Applicants and consumers who participate in WorkFirst activities may be eligible for WCCC benefits for the following approved activities in their individual responsibility plans (IRPs), for up to a maximum of sixteen hours per day, including:
a. An approved WorkFirst activity under WAC 388-310-0200, with the following exception: In-home/relative providers who are paid child care subsidies to care for children receiving WCCC benefits may not receive those benefits for their own children during the hours in which they provide subsidized child care. These consumers may be eligible for other approved activities in their IRPs;
b. Employment as defined in WAC 110-15-0003;
c. Self-employment as defined in WAC 110-15-0003 and as described in the consumer's current WorkFirst IRP;
d. Travel time between the child care location and the consumer’s place of employment or approved activity;
e. Up to ten hours per week of study time for approved classes;
f. Up to eight hours of sleep time before or after a night shift; and
g. Any activity approved by tribal TANF.
2. WorkFirst consumers participating in approved activities for at least one hundred ten hours per month as described in WAC 110-15-0190 are considered to have a schedule of Monday through Friday, 8:00 a.m. to 5:00 p.m., except when:
a. The consumer’s IRP specifies a different schedule; or
b. Verified differently by the consumer.
WAC 110-15-0045 – Approved activities for applicants and consumers not participating in WorkFirst, states:
1. Applicants and consumers not participating in WorkFirst activities may be eligible for WCCC benefits for the following approved activities:
a. Employment;
b. Self-employment;
c. Supplemental nutrition assistance program employment and training (SNAP E&T); or
d. The following education programs:
i. High school or working towards a high school equivalency certificate for consumers under 22 years of age;
ii. Part-time enrollment in a vocational education, adult basic education (ABE), high school equivalency certificate for consumers 22 years of age and older, or English as a second language (ESL) program combined with an average of 20 or more employment hours per week or 16 more work-study hours per week; or
iii. For full-time students of a community, technical, or tribal college, enrollment in:
A. A vocational education program that leads to a degree or certificate in a specific occupation;
B. An associate degree program; or
C. A registered apprenticeship program.
iv. “Full-time student” for the purpose of this subsection means a consumer attends a community, technical, or tribal college and meets its definition of full-time student.
(e) Applicants and consumers who meet the requirements of (c) of this subsection are eligible to receive subsidy payment for up to 10 hours per week of study time for approved classes.
2.Applicants and consumers who are eligible for WCCC benefits under the terms of this section are eligible to receive subsidy payment for:
a. Transportation time between the child care location and the consumer’s place of employment or approved activity; and Up to eight hours of sleep time before or after a night shift.
2023-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-042
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort, and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort, and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2022-042, 2021-036, and 2020-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort, and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort, and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort, and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system, and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort, and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-061 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-043
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)):
• Discretionary Funds must be obligated by the end of the succeeding fiscal year after award and expended by the end of the third fiscal year after award.
• Mandatory Funds must be obligated by the end of the fiscal year in which they are awarded if the state also requests Matching Funds. If no Matching Funds are requested for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching Funds must be obligated by the end of the fiscal year in which they are awarded and liquidated by the end of the succeeding fiscal year after award.
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security (CARES) and the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2022-043, 2021-037, and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.66 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii) Mandatory Funds for States that do not request Matching Funds are available until expended.
(3) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-062 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Service
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-044
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures and could not test whether the reports were accurate and complete. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of childcare expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendations
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the number of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure childcare payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-063 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Child Care and Development Fund.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families (Department) administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. The Department subawards federal funds to the program’s only subrecipient, Washington State Child Care Resources – Child Care Aware. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding, including about $17.8 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made a subaward or subaward amendment. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
Each month, a designated employee uses the Contracts and Procurement System to run a report to view open federal grants. The Department uses this system to manage all early learning contracts, both for contractors and subrecipients. Once the preparer has obtained the grant information, they enter all eligible subawards for the reporting month, including all the subaward key elements into FSRS. Before submitting the report, a designated manager reviews and approves it. There were 12 CCDF subawards and amendments that were required to be reported in fiscal year 2023, totaling $20.2 million.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the CCDF program.
During the audit period, the Department was required to report about $20.2 million of program funds that it awarded to its subrecipient through 12 new and amended subawards. We examined all 12 subawards and found that nine (75 percent), totaling $1.6 million, were not reported in FSRS.
Additionally, for the three reports that were filed, we found that two (16.7 percent) misreported the subaward amount. Specifically, one subaward amount was overstated, and the other subaward amount was understated. The total amount under/overreported was $41,480.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department has written procedures in place to ensure the required reports are submitted, but staff did not file all of them during the audit period. Additionally, management did not review the reports before or after submitting them to ensure they were accurate and complete.
Effect of Condition
Filing inaccurate reports or failing to submit them when required diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports
• Follow its own policies and procedures for filing required reports
• Ensure management monitors to ensure future reports required by the Act are submitted accurately and completely
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department experienced a high level of staff turnover and vacancy rates resulting in missed and inaccurate Federal Funding Accountability and Transparency Act reporting. The Department is committed to strengthening internal controls and complying with federal requirements and will review written policies and procedures with cost allocation and grant management staff.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.)
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-064 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-045
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent about $547.2 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require non–relative FFN providers to complete health and safety training within 90 days of their subsidy payment start date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for non-relative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and conducts the ongoing training requirements with the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the eight prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015–024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,358 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 14 instances (24 percent) where providers did not receive their required annual monitoring visit. Of the remaining 45 providers that did receive a monitoring visit, we identified 13 instances (29 percent) where the licensor did not conduct the appropriate follow-up visit on noncompliance issues.
Non-relative FFN provider initial training
The Department was not able to identify complete populations of FFN providers for the purposes of our initial training testing. We randomly selected 21 out of 197 FFN providers that Department officials said were required to complete initial training. Of those reviewed, we determined nine of the providers did not meet the criteria for testing because they were not subject to initial training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
Non-relative FFN provider ongoing training and annual technical visits
The Department was not able to identify complete populations of FFN providers for the purposes of our ongoing training and technical visit testing. We randomly selected 11 out of 53 FFN providers that Department officials said were required to complete ongoing training and have a technical visit. Of those reviewed, we determined one of the providers did not meet the criteria for testing because they were not subject to ongoing training or annual technical visits since they were relative providers. Of the remaining providers that were applicable to our testing, we found one instance where the provider did not complete their technical visit, but they did receive ongoing training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 14 of the 59 monitoring visits we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring visits and follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
Management did not monitor sufficiently to ensure that staff completed technical visits. Further, due to system limitations, the Department did not effectively identify during the audit period which providers were subject to training and technical visit requirements.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not completing monitoring visits or following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements. Further, not following up on noncompliance violations in a timely manner can put children in jeopardy of harm, neglect, and unhealthy environments.
Non-relative FFN provider initial training, ongoing training, and technical visits
By not conducting all required technical visits, the Department did not have assurance that providers met health and safety requirements. System limitations and the inability to obtain a complete population for sampling and testing created a condition that prevented our Office from fully auditing the Department’s compliance with these requirements.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Ensure management follows established policies and procedures to ensure non-relative FFN providers complete their required initial training, ongoing training, and receive technical visits
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the Auditor’s specific findings, the Department concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
Due to the COVID-19 pandemic, the Department experienced a high level of child care licensor turnover. The Department focused available resources on assisting new and current providers to ensure access to child care for families, first responders, and health care workers. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all monitoring visits and was unable to send licensing staff to assist other offices with this work. Starting in fall 2022, the Department began work to recruit new staff and train them on child care licensing rules and regulations to address turnover; however, this effort takes time, due to the extensive training we give our staff. These efforts are demonstrating strong commitments to improvements in the health and safety compliance for child care providers. As of November 2023, the Department is on target for 100% compliance with monitoring visits even with a 4.1% increase in child care providers during federal fiscal year 2023.
As part of its quality improvement initiates, the Department has implementing data driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance. In addition, the Department has implemented new recruitment and training plans for child care licensors. In November 2022, the Department added a new position to assist supervisors with onboarding and training of all new staff hired. The Department concurs that health and safety monitoring visits were not properly completed during the audit period and is confident that corrective actions taken will improve this area moving forward. The Department is focusing resources to strengthening internal controls around all health and safety requirements.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
The Department tracks health and safety requirements for FFN providers using the limited tools and fields currently available in WA Compass. The WA Compass system was implemented for licensed child care providers and has not been fully developed for the FFN provider type. The State Auditor’s Office requested data from the WA Compass system for their audit testing in a format the system does not currently support. Due to the fluid nature of the FFN providers, and their payment start dates, the Department was unable to pull data that reflected only providers with open authorizations during the audit period. Further, WA Compass does not currently include all health and safety requirements for FFN providers. The Department has dedicated staff resources to update WA Compass to include all health and safety requirements for FFNs and address data format issues. Staff will continue to track and monitor FFN health and safety requirements with available tools until all system development is completed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1.A provider described in WAC 110-16-0015(4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015(4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015(4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
c. Prevention and control of infectious diseases;
d. Emergency preparedness and response planning for natural disasters and human-caused events;
e. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
f. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
(1) A provider described in WAC 110-16-0015(4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
(2) The purpose of the visit is to:
(a) Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
(b) Observe the provider’s interactions with the child, and discuss health and safety practices;
(c) Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
(d) Provide regional contact information for FFN child care services and resources.
(3) A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
(4) At the annual, scheduled visit, the provider must show, unless previously provided to the department:
(a) Proof of identity;
(b) Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
(c) Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
(d) Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
(e) The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2023-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $356,042,172
Prior Year Audit Finding: Yes, Finding 2022-041
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2023, the Department spent more than $356 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes, and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple CCDF federal grant awards, and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2022-041, 2021-033, 2020-038, 2019-035, 2018–034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8–13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments with federal CCDF funds in the audit period was $356,042,172. The Department also partially funded these payments with an additional $48,941,302 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $356,042,172 in federal program costs the Department incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with client eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-036
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2023, the Department spent more than $356 million in CCDF and $107.3 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of
July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60 percent of the state median income at application or 65 percent of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and hourly wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a client is eligible for one year unless a change in income causes the client to exceed 65 percent of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 11 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over and did not comply with client eligibility requirements for CCDF and TANF.
During the audit period, the Department determined 61,140 children were eligible for child care. We used a statistical sampling method to randomly select and examine 59 of these determinations. In three instances (5.1 percent), we found the Department made eligibility determinations improperly, or did not verify information before authorizing services. Specifically, we found:
• One case (1.7 percent) where the Department had incorrectly determined household composition and did not obtain sufficient data for all parents in the household to make an accurate eligibility determination.
• Two cases (3.4 percent) where the Department did not follow procedure for verifying the approved activity, which led to an incorrect eligibility determination.
Though the Department has established internal controls, they were insufficient for ensuring material compliance with client eligibility requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department staff made eligibility determinations without obtaining sufficient supporting documentation to ensure households were eligible to receive assistance. This deviated from the standard policies and procedures the Department has established, and management did not monitor sufficiently to ensure staff made proper eligibility determinations.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendations
We recommend the Department improve its internal controls over determining client eligibility to ensure it:
• Reviews eligibility determinations sufficiently to detect improper eligibility determinations
• Reviews sufficient support for household composition information for accuracy
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective. Further, we appreciate SAO’s work with us over the several past years to strengthen internal controls for eligibility through the auditing process. The Statewide Single Audit (SWSA) is an important tool in the Department’s continuous quality improvement efforts and together with the Department’s internal controls has helped reduce the audit exceptions to three with zero questioned costs.
The Department continues to access data across available state systems to confirm information, including household composition provided by clients. Unfortunately, there is no household composition verification system, and information provided to other state agencies is often provided by client self-attestation. The Department continues to balance verification requirements with providing timely benefit decisions to support family access to high quality child care. Additionally, the Department is being intentional in updating our learning resources for eligibility staff. Information from this and future audits will be used to update training. The Department will continue our internal control and quality improvement efforts and activities to build and maintain our eligibility case accuracy.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code (WAC) 110-15-0015 – Determining family size, states in part:
1. DCYF determines a consumer’s family size as follows:
a. For a single parent, including a minor parent living independently, DCYF counts the consumer and the consumer’s children;
b. For unmarried parents who have at least one mutual child, DCYF counts both parents and all of their children living in the household;
c. Unmarried parents who have no mutual children are counted as separate WCCC households, the unmarried parents and their respective children living in the household;
d. For married parents, DCYF counts both parents and all of their children living in the household;
e. For parents who are undocumented aliens as defined in WAC 388-424-0001, DCYF counts the parents and children, documented and undocumented, and all other family rules in this section apply. Children needing care must meet citizenship requirements described in WAC 110-15-0005;
f. For a legal guardian verified by a legal or court document, adult sibling or step-sibling, nephew, niece, aunt, uncle, grandparent, any of these relatives with the prefix “great,” such as a “great-nephew,” or an in loco parentis custodian who is not related to the child as described in WAC 110-15-0005, DCYF counts only the children and only the children’s income is counted;
g. For a parent who is out of the household because of employer requirements, such as training or military service, and expected to return to the household, DCYF counts the consumer, the absent parent, and the children;
h. For a parent who is voluntarily out of the household for reasons other than requirements of the employer, such as unapproved schooling and visiting family members, and is expected to return to the household, DCYF counts the consumer, the absent parent, and the children. WAC 110-15-0020 and all other family and household rules in this section apply;
i. For a parent who is out of the country and waiting for legal reentry in to the United States, DCYF counts only the consumer and children residing in the United States and all other family and household rules in this section apply;
j. An incarcerated parent is not part of the household count for determining income and eligibility. DCYF counts the remaining household members using all other family rules in this section; and
k. For a parent incarcerated at a Washington state correctional facility whose child lives with them at the facility, DCYF counts the parent and child as their own household.
2. When the household consists of the consumer’s own child and another child identified in subsection (1)(f) of this section, the household may be combined into one household or kept as distinct households for the benefit of the consumer.
WAC 110-15-0040 – Approved activities for applicants and consumers participating in WorkFirst, states:
1. Applicants and consumers who participate in WorkFirst activities may be eligible for WCCC benefits for the following approved activities in their individual responsibility plans (IRPs), for up to a maximum of sixteen hours per day, including:
a. An approved WorkFirst activity under WAC 388-310-0200, with the following exception: In-home/relative providers who are paid child care subsidies to care for children receiving WCCC benefits may not receive those benefits for their own children during the hours in which they provide subsidized child care. These consumers may be eligible for other approved activities in their IRPs;
b. Employment as defined in WAC 110-15-0003;
c. Self-employment as defined in WAC 110-15-0003 and as described in the consumer's current WorkFirst IRP;
d. Travel time between the child care location and the consumer’s place of employment or approved activity;
e. Up to ten hours per week of study time for approved classes;
f. Up to eight hours of sleep time before or after a night shift; and
g. Any activity approved by tribal TANF.
2. WorkFirst consumers participating in approved activities for at least one hundred ten hours per month as described in WAC 110-15-0190 are considered to have a schedule of Monday through Friday, 8:00 a.m. to 5:00 p.m., except when:
a. The consumer’s IRP specifies a different schedule; or
b. Verified differently by the consumer.
WAC 110-15-0045 – Approved activities for applicants and consumers not participating in WorkFirst, states:
1. Applicants and consumers not participating in WorkFirst activities may be eligible for WCCC benefits for the following approved activities:
a. Employment;
b. Self-employment;
c. Supplemental nutrition assistance program employment and training (SNAP E&T); or
d. The following education programs:
i. High school or working towards a high school equivalency certificate for consumers under 22 years of age;
ii. Part-time enrollment in a vocational education, adult basic education (ABE), high school equivalency certificate for consumers 22 years of age and older, or English as a second language (ESL) program combined with an average of 20 or more employment hours per week or 16 more work-study hours per week; or
iii. For full-time students of a community, technical, or tribal college, enrollment in:
A. A vocational education program that leads to a degree or certificate in a specific occupation;
B. An associate degree program; or
C. A registered apprenticeship program.
iv. “Full-time student” for the purpose of this subsection means a consumer attends a community, technical, or tribal college and meets its definition of full-time student.
(e) Applicants and consumers who meet the requirements of (c) of this subsection are eligible to receive subsidy payment for up to 10 hours per week of study time for approved classes.
2.Applicants and consumers who are eligible for WCCC benefits under the terms of this section are eligible to receive subsidy payment for:
a. Transportation time between the child care location and the consumer’s place of employment or approved activity; and Up to eight hours of sleep time before or after a night shift.
2023-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-042
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort, and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort, and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2022-042, 2021-036, and 2020-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort, and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort, and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort, and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system, and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort, and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-061 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-043
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)):
• Discretionary Funds must be obligated by the end of the succeeding fiscal year after award and expended by the end of the third fiscal year after award.
• Mandatory Funds must be obligated by the end of the fiscal year in which they are awarded if the state also requests Matching Funds. If no Matching Funds are requested for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching Funds must be obligated by the end of the fiscal year in which they are awarded and liquidated by the end of the succeeding fiscal year after award.
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security (CARES) and the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2022-043, 2021-037, and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.66 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii) Mandatory Funds for States that do not request Matching Funds are available until expended.
(3) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-062 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Service
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-044
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures and could not test whether the reports were accurate and complete. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of childcare expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendations
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the number of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure childcare payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-063 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Child Care and Development Fund.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families (Department) administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. The Department subawards federal funds to the program’s only subrecipient, Washington State Child Care Resources – Child Care Aware. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding, including about $17.8 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made a subaward or subaward amendment. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
Each month, a designated employee uses the Contracts and Procurement System to run a report to view open federal grants. The Department uses this system to manage all early learning contracts, both for contractors and subrecipients. Once the preparer has obtained the grant information, they enter all eligible subawards for the reporting month, including all the subaward key elements into FSRS. Before submitting the report, a designated manager reviews and approves it. There were 12 CCDF subawards and amendments that were required to be reported in fiscal year 2023, totaling $20.2 million.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the CCDF program.
During the audit period, the Department was required to report about $20.2 million of program funds that it awarded to its subrecipient through 12 new and amended subawards. We examined all 12 subawards and found that nine (75 percent), totaling $1.6 million, were not reported in FSRS.
Additionally, for the three reports that were filed, we found that two (16.7 percent) misreported the subaward amount. Specifically, one subaward amount was overstated, and the other subaward amount was understated. The total amount under/overreported was $41,480.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department has written procedures in place to ensure the required reports are submitted, but staff did not file all of them during the audit period. Additionally, management did not review the reports before or after submitting them to ensure they were accurate and complete.
Effect of Condition
Filing inaccurate reports or failing to submit them when required diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports
• Follow its own policies and procedures for filing required reports
• Ensure management monitors to ensure future reports required by the Act are submitted accurately and completely
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department experienced a high level of staff turnover and vacancy rates resulting in missed and inaccurate Federal Funding Accountability and Transparency Act reporting. The Department is committed to strengthening internal controls and complying with federal requirements and will review written policies and procedures with cost allocation and grant management staff.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.)
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-064 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-045
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent about $547.2 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require non–relative FFN providers to complete health and safety training within 90 days of their subsidy payment start date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for non-relative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and conducts the ongoing training requirements with the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the eight prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015–024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,358 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 14 instances (24 percent) where providers did not receive their required annual monitoring visit. Of the remaining 45 providers that did receive a monitoring visit, we identified 13 instances (29 percent) where the licensor did not conduct the appropriate follow-up visit on noncompliance issues.
Non-relative FFN provider initial training
The Department was not able to identify complete populations of FFN providers for the purposes of our initial training testing. We randomly selected 21 out of 197 FFN providers that Department officials said were required to complete initial training. Of those reviewed, we determined nine of the providers did not meet the criteria for testing because they were not subject to initial training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
Non-relative FFN provider ongoing training and annual technical visits
The Department was not able to identify complete populations of FFN providers for the purposes of our ongoing training and technical visit testing. We randomly selected 11 out of 53 FFN providers that Department officials said were required to complete ongoing training and have a technical visit. Of those reviewed, we determined one of the providers did not meet the criteria for testing because they were not subject to ongoing training or annual technical visits since they were relative providers. Of the remaining providers that were applicable to our testing, we found one instance where the provider did not complete their technical visit, but they did receive ongoing training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 14 of the 59 monitoring visits we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring visits and follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
Management did not monitor sufficiently to ensure that staff completed technical visits. Further, due to system limitations, the Department did not effectively identify during the audit period which providers were subject to training and technical visit requirements.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not completing monitoring visits or following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements. Further, not following up on noncompliance violations in a timely manner can put children in jeopardy of harm, neglect, and unhealthy environments.
Non-relative FFN provider initial training, ongoing training, and technical visits
By not conducting all required technical visits, the Department did not have assurance that providers met health and safety requirements. System limitations and the inability to obtain a complete population for sampling and testing created a condition that prevented our Office from fully auditing the Department’s compliance with these requirements.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Ensure management follows established policies and procedures to ensure non-relative FFN providers complete their required initial training, ongoing training, and receive technical visits
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the Auditor’s specific findings, the Department concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
Due to the COVID-19 pandemic, the Department experienced a high level of child care licensor turnover. The Department focused available resources on assisting new and current providers to ensure access to child care for families, first responders, and health care workers. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all monitoring visits and was unable to send licensing staff to assist other offices with this work. Starting in fall 2022, the Department began work to recruit new staff and train them on child care licensing rules and regulations to address turnover; however, this effort takes time, due to the extensive training we give our staff. These efforts are demonstrating strong commitments to improvements in the health and safety compliance for child care providers. As of November 2023, the Department is on target for 100% compliance with monitoring visits even with a 4.1% increase in child care providers during federal fiscal year 2023.
As part of its quality improvement initiates, the Department has implementing data driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance. In addition, the Department has implemented new recruitment and training plans for child care licensors. In November 2022, the Department added a new position to assist supervisors with onboarding and training of all new staff hired. The Department concurs that health and safety monitoring visits were not properly completed during the audit period and is confident that corrective actions taken will improve this area moving forward. The Department is focusing resources to strengthening internal controls around all health and safety requirements.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
The Department tracks health and safety requirements for FFN providers using the limited tools and fields currently available in WA Compass. The WA Compass system was implemented for licensed child care providers and has not been fully developed for the FFN provider type. The State Auditor’s Office requested data from the WA Compass system for their audit testing in a format the system does not currently support. Due to the fluid nature of the FFN providers, and their payment start dates, the Department was unable to pull data that reflected only providers with open authorizations during the audit period. Further, WA Compass does not currently include all health and safety requirements for FFN providers. The Department has dedicated staff resources to update WA Compass to include all health and safety requirements for FFNs and address data format issues. Staff will continue to track and monitor FFN health and safety requirements with available tools until all system development is completed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1.A provider described in WAC 110-16-0015(4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015(4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015(4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
c. Prevention and control of infectious diseases;
d. Emergency preparedness and response planning for natural disasters and human-caused events;
e. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
f. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
(1) A provider described in WAC 110-16-0015(4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
(2) The purpose of the visit is to:
(a) Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
(b) Observe the provider’s interactions with the child, and discuss health and safety practices;
(c) Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
(d) Provide regional contact information for FFN child care services and resources.
(3) A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
(4) At the annual, scheduled visit, the provider must show, unless previously provided to the department:
(a) Proof of identity;
(b) Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
(c) Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
(d) Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
(e) The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2023-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $356,042,172
Prior Year Audit Finding: Yes, Finding 2022-041
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2023, the Department spent more than $356 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes, and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple CCDF federal grant awards, and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2022-041, 2021-033, 2020-038, 2019-035, 2018–034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8–13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments with federal CCDF funds in the audit period was $356,042,172. The Department also partially funded these payments with an additional $48,941,302 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $356,042,172 in federal program costs the Department incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with client eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-036
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2023, the Department spent more than $356 million in CCDF and $107.3 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of
July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60 percent of the state median income at application or 65 percent of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and hourly wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a client is eligible for one year unless a change in income causes the client to exceed 65 percent of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 11 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over and did not comply with client eligibility requirements for CCDF and TANF.
During the audit period, the Department determined 61,140 children were eligible for child care. We used a statistical sampling method to randomly select and examine 59 of these determinations. In three instances (5.1 percent), we found the Department made eligibility determinations improperly, or did not verify information before authorizing services. Specifically, we found:
• One case (1.7 percent) where the Department had incorrectly determined household composition and did not obtain sufficient data for all parents in the household to make an accurate eligibility determination.
• Two cases (3.4 percent) where the Department did not follow procedure for verifying the approved activity, which led to an incorrect eligibility determination.
Though the Department has established internal controls, they were insufficient for ensuring material compliance with client eligibility requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department staff made eligibility determinations without obtaining sufficient supporting documentation to ensure households were eligible to receive assistance. This deviated from the standard policies and procedures the Department has established, and management did not monitor sufficiently to ensure staff made proper eligibility determinations.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendations
We recommend the Department improve its internal controls over determining client eligibility to ensure it:
• Reviews eligibility determinations sufficiently to detect improper eligibility determinations
• Reviews sufficient support for household composition information for accuracy
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective. Further, we appreciate SAO’s work with us over the several past years to strengthen internal controls for eligibility through the auditing process. The Statewide Single Audit (SWSA) is an important tool in the Department’s continuous quality improvement efforts and together with the Department’s internal controls has helped reduce the audit exceptions to three with zero questioned costs.
The Department continues to access data across available state systems to confirm information, including household composition provided by clients. Unfortunately, there is no household composition verification system, and information provided to other state agencies is often provided by client self-attestation. The Department continues to balance verification requirements with providing timely benefit decisions to support family access to high quality child care. Additionally, the Department is being intentional in updating our learning resources for eligibility staff. Information from this and future audits will be used to update training. The Department will continue our internal control and quality improvement efforts and activities to build and maintain our eligibility case accuracy.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code (WAC) 110-15-0015 – Determining family size, states in part:
1. DCYF determines a consumer’s family size as follows:
a. For a single parent, including a minor parent living independently, DCYF counts the consumer and the consumer’s children;
b. For unmarried parents who have at least one mutual child, DCYF counts both parents and all of their children living in the household;
c. Unmarried parents who have no mutual children are counted as separate WCCC households, the unmarried parents and their respective children living in the household;
d. For married parents, DCYF counts both parents and all of their children living in the household;
e. For parents who are undocumented aliens as defined in WAC 388-424-0001, DCYF counts the parents and children, documented and undocumented, and all other family rules in this section apply. Children needing care must meet citizenship requirements described in WAC 110-15-0005;
f. For a legal guardian verified by a legal or court document, adult sibling or step-sibling, nephew, niece, aunt, uncle, grandparent, any of these relatives with the prefix “great,” such as a “great-nephew,” or an in loco parentis custodian who is not related to the child as described in WAC 110-15-0005, DCYF counts only the children and only the children’s income is counted;
g. For a parent who is out of the household because of employer requirements, such as training or military service, and expected to return to the household, DCYF counts the consumer, the absent parent, and the children;
h. For a parent who is voluntarily out of the household for reasons other than requirements of the employer, such as unapproved schooling and visiting family members, and is expected to return to the household, DCYF counts the consumer, the absent parent, and the children. WAC 110-15-0020 and all other family and household rules in this section apply;
i. For a parent who is out of the country and waiting for legal reentry in to the United States, DCYF counts only the consumer and children residing in the United States and all other family and household rules in this section apply;
j. An incarcerated parent is not part of the household count for determining income and eligibility. DCYF counts the remaining household members using all other family rules in this section; and
k. For a parent incarcerated at a Washington state correctional facility whose child lives with them at the facility, DCYF counts the parent and child as their own household.
2. When the household consists of the consumer’s own child and another child identified in subsection (1)(f) of this section, the household may be combined into one household or kept as distinct households for the benefit of the consumer.
WAC 110-15-0040 – Approved activities for applicants and consumers participating in WorkFirst, states:
1. Applicants and consumers who participate in WorkFirst activities may be eligible for WCCC benefits for the following approved activities in their individual responsibility plans (IRPs), for up to a maximum of sixteen hours per day, including:
a. An approved WorkFirst activity under WAC 388-310-0200, with the following exception: In-home/relative providers who are paid child care subsidies to care for children receiving WCCC benefits may not receive those benefits for their own children during the hours in which they provide subsidized child care. These consumers may be eligible for other approved activities in their IRPs;
b. Employment as defined in WAC 110-15-0003;
c. Self-employment as defined in WAC 110-15-0003 and as described in the consumer's current WorkFirst IRP;
d. Travel time between the child care location and the consumer’s place of employment or approved activity;
e. Up to ten hours per week of study time for approved classes;
f. Up to eight hours of sleep time before or after a night shift; and
g. Any activity approved by tribal TANF.
2. WorkFirst consumers participating in approved activities for at least one hundred ten hours per month as described in WAC 110-15-0190 are considered to have a schedule of Monday through Friday, 8:00 a.m. to 5:00 p.m., except when:
a. The consumer’s IRP specifies a different schedule; or
b. Verified differently by the consumer.
WAC 110-15-0045 – Approved activities for applicants and consumers not participating in WorkFirst, states:
1. Applicants and consumers not participating in WorkFirst activities may be eligible for WCCC benefits for the following approved activities:
a. Employment;
b. Self-employment;
c. Supplemental nutrition assistance program employment and training (SNAP E&T); or
d. The following education programs:
i. High school or working towards a high school equivalency certificate for consumers under 22 years of age;
ii. Part-time enrollment in a vocational education, adult basic education (ABE), high school equivalency certificate for consumers 22 years of age and older, or English as a second language (ESL) program combined with an average of 20 or more employment hours per week or 16 more work-study hours per week; or
iii. For full-time students of a community, technical, or tribal college, enrollment in:
A. A vocational education program that leads to a degree or certificate in a specific occupation;
B. An associate degree program; or
C. A registered apprenticeship program.
iv. “Full-time student” for the purpose of this subsection means a consumer attends a community, technical, or tribal college and meets its definition of full-time student.
(e) Applicants and consumers who meet the requirements of (c) of this subsection are eligible to receive subsidy payment for up to 10 hours per week of study time for approved classes.
2.Applicants and consumers who are eligible for WCCC benefits under the terms of this section are eligible to receive subsidy payment for:
a. Transportation time between the child care location and the consumer’s place of employment or approved activity; and Up to eight hours of sleep time before or after a night shift.
2023-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-042
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort, and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort, and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2022-042, 2021-036, and 2020-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort, and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort, and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort, and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system, and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort, and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-061 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-043
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)):
• Discretionary Funds must be obligated by the end of the succeeding fiscal year after award and expended by the end of the third fiscal year after award.
• Mandatory Funds must be obligated by the end of the fiscal year in which they are awarded if the state also requests Matching Funds. If no Matching Funds are requested for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching Funds must be obligated by the end of the fiscal year in which they are awarded and liquidated by the end of the succeeding fiscal year after award.
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security (CARES) and the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2022-043, 2021-037, and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.66 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii) Mandatory Funds for States that do not request Matching Funds are available until expended.
(3) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-062 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Service
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-044
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures and could not test whether the reports were accurate and complete. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of childcare expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendations
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the number of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure childcare payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-063 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Child Care and Development Fund.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families (Department) administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. The Department subawards federal funds to the program’s only subrecipient, Washington State Child Care Resources – Child Care Aware. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding, including about $17.8 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made a subaward or subaward amendment. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
Each month, a designated employee uses the Contracts and Procurement System to run a report to view open federal grants. The Department uses this system to manage all early learning contracts, both for contractors and subrecipients. Once the preparer has obtained the grant information, they enter all eligible subawards for the reporting month, including all the subaward key elements into FSRS. Before submitting the report, a designated manager reviews and approves it. There were 12 CCDF subawards and amendments that were required to be reported in fiscal year 2023, totaling $20.2 million.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the CCDF program.
During the audit period, the Department was required to report about $20.2 million of program funds that it awarded to its subrecipient through 12 new and amended subawards. We examined all 12 subawards and found that nine (75 percent), totaling $1.6 million, were not reported in FSRS.
Additionally, for the three reports that were filed, we found that two (16.7 percent) misreported the subaward amount. Specifically, one subaward amount was overstated, and the other subaward amount was understated. The total amount under/overreported was $41,480.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department has written procedures in place to ensure the required reports are submitted, but staff did not file all of them during the audit period. Additionally, management did not review the reports before or after submitting them to ensure they were accurate and complete.
Effect of Condition
Filing inaccurate reports or failing to submit them when required diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports
• Follow its own policies and procedures for filing required reports
• Ensure management monitors to ensure future reports required by the Act are submitted accurately and completely
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department experienced a high level of staff turnover and vacancy rates resulting in missed and inaccurate Federal Funding Accountability and Transparency Act reporting. The Department is committed to strengthening internal controls and complying with federal requirements and will review written policies and procedures with cost allocation and grant management staff.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.)
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-064 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-045
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent about $547.2 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require non–relative FFN providers to complete health and safety training within 90 days of their subsidy payment start date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for non-relative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and conducts the ongoing training requirements with the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the eight prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015–024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,358 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 14 instances (24 percent) where providers did not receive their required annual monitoring visit. Of the remaining 45 providers that did receive a monitoring visit, we identified 13 instances (29 percent) where the licensor did not conduct the appropriate follow-up visit on noncompliance issues.
Non-relative FFN provider initial training
The Department was not able to identify complete populations of FFN providers for the purposes of our initial training testing. We randomly selected 21 out of 197 FFN providers that Department officials said were required to complete initial training. Of those reviewed, we determined nine of the providers did not meet the criteria for testing because they were not subject to initial training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
Non-relative FFN provider ongoing training and annual technical visits
The Department was not able to identify complete populations of FFN providers for the purposes of our ongoing training and technical visit testing. We randomly selected 11 out of 53 FFN providers that Department officials said were required to complete ongoing training and have a technical visit. Of those reviewed, we determined one of the providers did not meet the criteria for testing because they were not subject to ongoing training or annual technical visits since they were relative providers. Of the remaining providers that were applicable to our testing, we found one instance where the provider did not complete their technical visit, but they did receive ongoing training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 14 of the 59 monitoring visits we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring visits and follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
Management did not monitor sufficiently to ensure that staff completed technical visits. Further, due to system limitations, the Department did not effectively identify during the audit period which providers were subject to training and technical visit requirements.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not completing monitoring visits or following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements. Further, not following up on noncompliance violations in a timely manner can put children in jeopardy of harm, neglect, and unhealthy environments.
Non-relative FFN provider initial training, ongoing training, and technical visits
By not conducting all required technical visits, the Department did not have assurance that providers met health and safety requirements. System limitations and the inability to obtain a complete population for sampling and testing created a condition that prevented our Office from fully auditing the Department’s compliance with these requirements.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Ensure management follows established policies and procedures to ensure non-relative FFN providers complete their required initial training, ongoing training, and receive technical visits
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the Auditor’s specific findings, the Department concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
Due to the COVID-19 pandemic, the Department experienced a high level of child care licensor turnover. The Department focused available resources on assisting new and current providers to ensure access to child care for families, first responders, and health care workers. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all monitoring visits and was unable to send licensing staff to assist other offices with this work. Starting in fall 2022, the Department began work to recruit new staff and train them on child care licensing rules and regulations to address turnover; however, this effort takes time, due to the extensive training we give our staff. These efforts are demonstrating strong commitments to improvements in the health and safety compliance for child care providers. As of November 2023, the Department is on target for 100% compliance with monitoring visits even with a 4.1% increase in child care providers during federal fiscal year 2023.
As part of its quality improvement initiates, the Department has implementing data driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance. In addition, the Department has implemented new recruitment and training plans for child care licensors. In November 2022, the Department added a new position to assist supervisors with onboarding and training of all new staff hired. The Department concurs that health and safety monitoring visits were not properly completed during the audit period and is confident that corrective actions taken will improve this area moving forward. The Department is focusing resources to strengthening internal controls around all health and safety requirements.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
The Department tracks health and safety requirements for FFN providers using the limited tools and fields currently available in WA Compass. The WA Compass system was implemented for licensed child care providers and has not been fully developed for the FFN provider type. The State Auditor’s Office requested data from the WA Compass system for their audit testing in a format the system does not currently support. Due to the fluid nature of the FFN providers, and their payment start dates, the Department was unable to pull data that reflected only providers with open authorizations during the audit period. Further, WA Compass does not currently include all health and safety requirements for FFN providers. The Department has dedicated staff resources to update WA Compass to include all health and safety requirements for FFNs and address data format issues. Staff will continue to track and monitor FFN health and safety requirements with available tools until all system development is completed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1.A provider described in WAC 110-16-0015(4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015(4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015(4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
c. Prevention and control of infectious diseases;
d. Emergency preparedness and response planning for natural disasters and human-caused events;
e. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
f. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
(1) A provider described in WAC 110-16-0015(4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
(2) The purpose of the visit is to:
(a) Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
(b) Observe the provider’s interactions with the child, and discuss health and safety practices;
(c) Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
(d) Provide regional contact information for FFN child care services and resources.
(3) A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
(4) At the annual, scheduled visit, the provider must show, unless previously provided to the department:
(a) Proof of identity;
(b) Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
(c) Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
(d) Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
(e) The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2023-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $356,042,172
Prior Year Audit Finding: Yes, Finding 2022-041
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2023, the Department spent more than $356 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes, and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple CCDF federal grant awards, and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2022-041, 2021-033, 2020-038, 2019-035, 2018–034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8–13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments with federal CCDF funds in the audit period was $356,042,172. The Department also partially funded these payments with an additional $48,941,302 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $356,042,172 in federal program costs the Department incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with client eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-036
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2023, the Department spent more than $356 million in CCDF and $107.3 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of
July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60 percent of the state median income at application or 65 percent of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and hourly wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a client is eligible for one year unless a change in income causes the client to exceed 65 percent of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 11 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over and did not comply with client eligibility requirements for CCDF and TANF.
During the audit period, the Department determined 61,140 children were eligible for child care. We used a statistical sampling method to randomly select and examine 59 of these determinations. In three instances (5.1 percent), we found the Department made eligibility determinations improperly, or did not verify information before authorizing services. Specifically, we found:
• One case (1.7 percent) where the Department had incorrectly determined household composition and did not obtain sufficient data for all parents in the household to make an accurate eligibility determination.
• Two cases (3.4 percent) where the Department did not follow procedure for verifying the approved activity, which led to an incorrect eligibility determination.
Though the Department has established internal controls, they were insufficient for ensuring material compliance with client eligibility requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department staff made eligibility determinations without obtaining sufficient supporting documentation to ensure households were eligible to receive assistance. This deviated from the standard policies and procedures the Department has established, and management did not monitor sufficiently to ensure staff made proper eligibility determinations.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendations
We recommend the Department improve its internal controls over determining client eligibility to ensure it:
• Reviews eligibility determinations sufficiently to detect improper eligibility determinations
• Reviews sufficient support for household composition information for accuracy
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective. Further, we appreciate SAO’s work with us over the several past years to strengthen internal controls for eligibility through the auditing process. The Statewide Single Audit (SWSA) is an important tool in the Department’s continuous quality improvement efforts and together with the Department’s internal controls has helped reduce the audit exceptions to three with zero questioned costs.
The Department continues to access data across available state systems to confirm information, including household composition provided by clients. Unfortunately, there is no household composition verification system, and information provided to other state agencies is often provided by client self-attestation. The Department continues to balance verification requirements with providing timely benefit decisions to support family access to high quality child care. Additionally, the Department is being intentional in updating our learning resources for eligibility staff. Information from this and future audits will be used to update training. The Department will continue our internal control and quality improvement efforts and activities to build and maintain our eligibility case accuracy.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code (WAC) 110-15-0015 – Determining family size, states in part:
1. DCYF determines a consumer’s family size as follows:
a. For a single parent, including a minor parent living independently, DCYF counts the consumer and the consumer’s children;
b. For unmarried parents who have at least one mutual child, DCYF counts both parents and all of their children living in the household;
c. Unmarried parents who have no mutual children are counted as separate WCCC households, the unmarried parents and their respective children living in the household;
d. For married parents, DCYF counts both parents and all of their children living in the household;
e. For parents who are undocumented aliens as defined in WAC 388-424-0001, DCYF counts the parents and children, documented and undocumented, and all other family rules in this section apply. Children needing care must meet citizenship requirements described in WAC 110-15-0005;
f. For a legal guardian verified by a legal or court document, adult sibling or step-sibling, nephew, niece, aunt, uncle, grandparent, any of these relatives with the prefix “great,” such as a “great-nephew,” or an in loco parentis custodian who is not related to the child as described in WAC 110-15-0005, DCYF counts only the children and only the children’s income is counted;
g. For a parent who is out of the household because of employer requirements, such as training or military service, and expected to return to the household, DCYF counts the consumer, the absent parent, and the children;
h. For a parent who is voluntarily out of the household for reasons other than requirements of the employer, such as unapproved schooling and visiting family members, and is expected to return to the household, DCYF counts the consumer, the absent parent, and the children. WAC 110-15-0020 and all other family and household rules in this section apply;
i. For a parent who is out of the country and waiting for legal reentry in to the United States, DCYF counts only the consumer and children residing in the United States and all other family and household rules in this section apply;
j. An incarcerated parent is not part of the household count for determining income and eligibility. DCYF counts the remaining household members using all other family rules in this section; and
k. For a parent incarcerated at a Washington state correctional facility whose child lives with them at the facility, DCYF counts the parent and child as their own household.
2. When the household consists of the consumer’s own child and another child identified in subsection (1)(f) of this section, the household may be combined into one household or kept as distinct households for the benefit of the consumer.
WAC 110-15-0040 – Approved activities for applicants and consumers participating in WorkFirst, states:
1. Applicants and consumers who participate in WorkFirst activities may be eligible for WCCC benefits for the following approved activities in their individual responsibility plans (IRPs), for up to a maximum of sixteen hours per day, including:
a. An approved WorkFirst activity under WAC 388-310-0200, with the following exception: In-home/relative providers who are paid child care subsidies to care for children receiving WCCC benefits may not receive those benefits for their own children during the hours in which they provide subsidized child care. These consumers may be eligible for other approved activities in their IRPs;
b. Employment as defined in WAC 110-15-0003;
c. Self-employment as defined in WAC 110-15-0003 and as described in the consumer's current WorkFirst IRP;
d. Travel time between the child care location and the consumer’s place of employment or approved activity;
e. Up to ten hours per week of study time for approved classes;
f. Up to eight hours of sleep time before or after a night shift; and
g. Any activity approved by tribal TANF.
2. WorkFirst consumers participating in approved activities for at least one hundred ten hours per month as described in WAC 110-15-0190 are considered to have a schedule of Monday through Friday, 8:00 a.m. to 5:00 p.m., except when:
a. The consumer’s IRP specifies a different schedule; or
b. Verified differently by the consumer.
WAC 110-15-0045 – Approved activities for applicants and consumers not participating in WorkFirst, states:
1. Applicants and consumers not participating in WorkFirst activities may be eligible for WCCC benefits for the following approved activities:
a. Employment;
b. Self-employment;
c. Supplemental nutrition assistance program employment and training (SNAP E&T); or
d. The following education programs:
i. High school or working towards a high school equivalency certificate for consumers under 22 years of age;
ii. Part-time enrollment in a vocational education, adult basic education (ABE), high school equivalency certificate for consumers 22 years of age and older, or English as a second language (ESL) program combined with an average of 20 or more employment hours per week or 16 more work-study hours per week; or
iii. For full-time students of a community, technical, or tribal college, enrollment in:
A. A vocational education program that leads to a degree or certificate in a specific occupation;
B. An associate degree program; or
C. A registered apprenticeship program.
iv. “Full-time student” for the purpose of this subsection means a consumer attends a community, technical, or tribal college and meets its definition of full-time student.
(e) Applicants and consumers who meet the requirements of (c) of this subsection are eligible to receive subsidy payment for up to 10 hours per week of study time for approved classes.
2.Applicants and consumers who are eligible for WCCC benefits under the terms of this section are eligible to receive subsidy payment for:
a. Transportation time between the child care location and the consumer’s place of employment or approved activity; and Up to eight hours of sleep time before or after a night shift.
2023-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-042
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort, and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort, and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2022-042, 2021-036, and 2020-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort, and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort, and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort, and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system, and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort, and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-061 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-043
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)):
• Discretionary Funds must be obligated by the end of the succeeding fiscal year after award and expended by the end of the third fiscal year after award.
• Mandatory Funds must be obligated by the end of the fiscal year in which they are awarded if the state also requests Matching Funds. If no Matching Funds are requested for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching Funds must be obligated by the end of the fiscal year in which they are awarded and liquidated by the end of the succeeding fiscal year after award.
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security (CARES) and the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2022-043, 2021-037, and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.66 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii) Mandatory Funds for States that do not request Matching Funds are available until expended.
(3) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-062 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Service
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-044
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures and could not test whether the reports were accurate and complete. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of childcare expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendations
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the number of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure childcare payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-063 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Child Care and Development Fund.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families (Department) administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. The Department subawards federal funds to the program’s only subrecipient, Washington State Child Care Resources – Child Care Aware. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding, including about $17.8 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made a subaward or subaward amendment. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
Each month, a designated employee uses the Contracts and Procurement System to run a report to view open federal grants. The Department uses this system to manage all early learning contracts, both for contractors and subrecipients. Once the preparer has obtained the grant information, they enter all eligible subawards for the reporting month, including all the subaward key elements into FSRS. Before submitting the report, a designated manager reviews and approves it. There were 12 CCDF subawards and amendments that were required to be reported in fiscal year 2023, totaling $20.2 million.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the CCDF program.
During the audit period, the Department was required to report about $20.2 million of program funds that it awarded to its subrecipient through 12 new and amended subawards. We examined all 12 subawards and found that nine (75 percent), totaling $1.6 million, were not reported in FSRS.
Additionally, for the three reports that were filed, we found that two (16.7 percent) misreported the subaward amount. Specifically, one subaward amount was overstated, and the other subaward amount was understated. The total amount under/overreported was $41,480.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department has written procedures in place to ensure the required reports are submitted, but staff did not file all of them during the audit period. Additionally, management did not review the reports before or after submitting them to ensure they were accurate and complete.
Effect of Condition
Filing inaccurate reports or failing to submit them when required diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports
• Follow its own policies and procedures for filing required reports
• Ensure management monitors to ensure future reports required by the Act are submitted accurately and completely
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department experienced a high level of staff turnover and vacancy rates resulting in missed and inaccurate Federal Funding Accountability and Transparency Act reporting. The Department is committed to strengthening internal controls and complying with federal requirements and will review written policies and procedures with cost allocation and grant management staff.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.)
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-064 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-045
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent about $547.2 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require non–relative FFN providers to complete health and safety training within 90 days of their subsidy payment start date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for non-relative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and conducts the ongoing training requirements with the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the eight prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015–024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,358 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 14 instances (24 percent) where providers did not receive their required annual monitoring visit. Of the remaining 45 providers that did receive a monitoring visit, we identified 13 instances (29 percent) where the licensor did not conduct the appropriate follow-up visit on noncompliance issues.
Non-relative FFN provider initial training
The Department was not able to identify complete populations of FFN providers for the purposes of our initial training testing. We randomly selected 21 out of 197 FFN providers that Department officials said were required to complete initial training. Of those reviewed, we determined nine of the providers did not meet the criteria for testing because they were not subject to initial training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
Non-relative FFN provider ongoing training and annual technical visits
The Department was not able to identify complete populations of FFN providers for the purposes of our ongoing training and technical visit testing. We randomly selected 11 out of 53 FFN providers that Department officials said were required to complete ongoing training and have a technical visit. Of those reviewed, we determined one of the providers did not meet the criteria for testing because they were not subject to ongoing training or annual technical visits since they were relative providers. Of the remaining providers that were applicable to our testing, we found one instance where the provider did not complete their technical visit, but they did receive ongoing training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 14 of the 59 monitoring visits we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring visits and follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
Management did not monitor sufficiently to ensure that staff completed technical visits. Further, due to system limitations, the Department did not effectively identify during the audit period which providers were subject to training and technical visit requirements.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not completing monitoring visits or following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements. Further, not following up on noncompliance violations in a timely manner can put children in jeopardy of harm, neglect, and unhealthy environments.
Non-relative FFN provider initial training, ongoing training, and technical visits
By not conducting all required technical visits, the Department did not have assurance that providers met health and safety requirements. System limitations and the inability to obtain a complete population for sampling and testing created a condition that prevented our Office from fully auditing the Department’s compliance with these requirements.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Ensure management follows established policies and procedures to ensure non-relative FFN providers complete their required initial training, ongoing training, and receive technical visits
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the Auditor’s specific findings, the Department concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
Due to the COVID-19 pandemic, the Department experienced a high level of child care licensor turnover. The Department focused available resources on assisting new and current providers to ensure access to child care for families, first responders, and health care workers. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all monitoring visits and was unable to send licensing staff to assist other offices with this work. Starting in fall 2022, the Department began work to recruit new staff and train them on child care licensing rules and regulations to address turnover; however, this effort takes time, due to the extensive training we give our staff. These efforts are demonstrating strong commitments to improvements in the health and safety compliance for child care providers. As of November 2023, the Department is on target for 100% compliance with monitoring visits even with a 4.1% increase in child care providers during federal fiscal year 2023.
As part of its quality improvement initiates, the Department has implementing data driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance. In addition, the Department has implemented new recruitment and training plans for child care licensors. In November 2022, the Department added a new position to assist supervisors with onboarding and training of all new staff hired. The Department concurs that health and safety monitoring visits were not properly completed during the audit period and is confident that corrective actions taken will improve this area moving forward. The Department is focusing resources to strengthening internal controls around all health and safety requirements.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
The Department tracks health and safety requirements for FFN providers using the limited tools and fields currently available in WA Compass. The WA Compass system was implemented for licensed child care providers and has not been fully developed for the FFN provider type. The State Auditor’s Office requested data from the WA Compass system for their audit testing in a format the system does not currently support. Due to the fluid nature of the FFN providers, and their payment start dates, the Department was unable to pull data that reflected only providers with open authorizations during the audit period. Further, WA Compass does not currently include all health and safety requirements for FFN providers. The Department has dedicated staff resources to update WA Compass to include all health and safety requirements for FFNs and address data format issues. Staff will continue to track and monitor FFN health and safety requirements with available tools until all system development is completed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1.A provider described in WAC 110-16-0015(4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015(4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015(4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
c. Prevention and control of infectious diseases;
d. Emergency preparedness and response planning for natural disasters and human-caused events;
e. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
f. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
(1) A provider described in WAC 110-16-0015(4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
(2) The purpose of the visit is to:
(a) Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
(b) Observe the provider’s interactions with the child, and discuss health and safety practices;
(c) Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
(d) Provide regional contact information for FFN child care services and resources.
(3) A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
(4) At the annual, scheduled visit, the provider must show, unless previously provided to the department:
(a) Proof of identity;
(b) Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
(c) Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
(d) Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
(e) The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2023-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $356,042,172
Prior Year Audit Finding: Yes, Finding 2022-041
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2023, the Department spent more than $356 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes, and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple CCDF federal grant awards, and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2022-041, 2021-033, 2020-038, 2019-035, 2018–034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8–13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments with federal CCDF funds in the audit period was $356,042,172. The Department also partially funded these payments with an additional $48,941,302 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $356,042,172 in federal program costs the Department incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with client eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-036
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2023, the Department spent more than $356 million in CCDF and $107.3 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of
July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60 percent of the state median income at application or 65 percent of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and hourly wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a client is eligible for one year unless a change in income causes the client to exceed 65 percent of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 11 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over and did not comply with client eligibility requirements for CCDF and TANF.
During the audit period, the Department determined 61,140 children were eligible for child care. We used a statistical sampling method to randomly select and examine 59 of these determinations. In three instances (5.1 percent), we found the Department made eligibility determinations improperly, or did not verify information before authorizing services. Specifically, we found:
• One case (1.7 percent) where the Department had incorrectly determined household composition and did not obtain sufficient data for all parents in the household to make an accurate eligibility determination.
• Two cases (3.4 percent) where the Department did not follow procedure for verifying the approved activity, which led to an incorrect eligibility determination.
Though the Department has established internal controls, they were insufficient for ensuring material compliance with client eligibility requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department staff made eligibility determinations without obtaining sufficient supporting documentation to ensure households were eligible to receive assistance. This deviated from the standard policies and procedures the Department has established, and management did not monitor sufficiently to ensure staff made proper eligibility determinations.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendations
We recommend the Department improve its internal controls over determining client eligibility to ensure it:
• Reviews eligibility determinations sufficiently to detect improper eligibility determinations
• Reviews sufficient support for household composition information for accuracy
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective. Further, we appreciate SAO’s work with us over the several past years to strengthen internal controls for eligibility through the auditing process. The Statewide Single Audit (SWSA) is an important tool in the Department’s continuous quality improvement efforts and together with the Department’s internal controls has helped reduce the audit exceptions to three with zero questioned costs.
The Department continues to access data across available state systems to confirm information, including household composition provided by clients. Unfortunately, there is no household composition verification system, and information provided to other state agencies is often provided by client self-attestation. The Department continues to balance verification requirements with providing timely benefit decisions to support family access to high quality child care. Additionally, the Department is being intentional in updating our learning resources for eligibility staff. Information from this and future audits will be used to update training. The Department will continue our internal control and quality improvement efforts and activities to build and maintain our eligibility case accuracy.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code (WAC) 110-15-0015 – Determining family size, states in part:
1. DCYF determines a consumer’s family size as follows:
a. For a single parent, including a minor parent living independently, DCYF counts the consumer and the consumer’s children;
b. For unmarried parents who have at least one mutual child, DCYF counts both parents and all of their children living in the household;
c. Unmarried parents who have no mutual children are counted as separate WCCC households, the unmarried parents and their respective children living in the household;
d. For married parents, DCYF counts both parents and all of their children living in the household;
e. For parents who are undocumented aliens as defined in WAC 388-424-0001, DCYF counts the parents and children, documented and undocumented, and all other family rules in this section apply. Children needing care must meet citizenship requirements described in WAC 110-15-0005;
f. For a legal guardian verified by a legal or court document, adult sibling or step-sibling, nephew, niece, aunt, uncle, grandparent, any of these relatives with the prefix “great,” such as a “great-nephew,” or an in loco parentis custodian who is not related to the child as described in WAC 110-15-0005, DCYF counts only the children and only the children’s income is counted;
g. For a parent who is out of the household because of employer requirements, such as training or military service, and expected to return to the household, DCYF counts the consumer, the absent parent, and the children;
h. For a parent who is voluntarily out of the household for reasons other than requirements of the employer, such as unapproved schooling and visiting family members, and is expected to return to the household, DCYF counts the consumer, the absent parent, and the children. WAC 110-15-0020 and all other family and household rules in this section apply;
i. For a parent who is out of the country and waiting for legal reentry in to the United States, DCYF counts only the consumer and children residing in the United States and all other family and household rules in this section apply;
j. An incarcerated parent is not part of the household count for determining income and eligibility. DCYF counts the remaining household members using all other family rules in this section; and
k. For a parent incarcerated at a Washington state correctional facility whose child lives with them at the facility, DCYF counts the parent and child as their own household.
2. When the household consists of the consumer’s own child and another child identified in subsection (1)(f) of this section, the household may be combined into one household or kept as distinct households for the benefit of the consumer.
WAC 110-15-0040 – Approved activities for applicants and consumers participating in WorkFirst, states:
1. Applicants and consumers who participate in WorkFirst activities may be eligible for WCCC benefits for the following approved activities in their individual responsibility plans (IRPs), for up to a maximum of sixteen hours per day, including:
a. An approved WorkFirst activity under WAC 388-310-0200, with the following exception: In-home/relative providers who are paid child care subsidies to care for children receiving WCCC benefits may not receive those benefits for their own children during the hours in which they provide subsidized child care. These consumers may be eligible for other approved activities in their IRPs;
b. Employment as defined in WAC 110-15-0003;
c. Self-employment as defined in WAC 110-15-0003 and as described in the consumer's current WorkFirst IRP;
d. Travel time between the child care location and the consumer’s place of employment or approved activity;
e. Up to ten hours per week of study time for approved classes;
f. Up to eight hours of sleep time before or after a night shift; and
g. Any activity approved by tribal TANF.
2. WorkFirst consumers participating in approved activities for at least one hundred ten hours per month as described in WAC 110-15-0190 are considered to have a schedule of Monday through Friday, 8:00 a.m. to 5:00 p.m., except when:
a. The consumer’s IRP specifies a different schedule; or
b. Verified differently by the consumer.
WAC 110-15-0045 – Approved activities for applicants and consumers not participating in WorkFirst, states:
1. Applicants and consumers not participating in WorkFirst activities may be eligible for WCCC benefits for the following approved activities:
a. Employment;
b. Self-employment;
c. Supplemental nutrition assistance program employment and training (SNAP E&T); or
d. The following education programs:
i. High school or working towards a high school equivalency certificate for consumers under 22 years of age;
ii. Part-time enrollment in a vocational education, adult basic education (ABE), high school equivalency certificate for consumers 22 years of age and older, or English as a second language (ESL) program combined with an average of 20 or more employment hours per week or 16 more work-study hours per week; or
iii. For full-time students of a community, technical, or tribal college, enrollment in:
A. A vocational education program that leads to a degree or certificate in a specific occupation;
B. An associate degree program; or
C. A registered apprenticeship program.
iv. “Full-time student” for the purpose of this subsection means a consumer attends a community, technical, or tribal college and meets its definition of full-time student.
(e) Applicants and consumers who meet the requirements of (c) of this subsection are eligible to receive subsidy payment for up to 10 hours per week of study time for approved classes.
2.Applicants and consumers who are eligible for WCCC benefits under the terms of this section are eligible to receive subsidy payment for:
a. Transportation time between the child care location and the consumer’s place of employment or approved activity; and Up to eight hours of sleep time before or after a night shift.
2023-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-042
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort, and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort, and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2022-042, 2021-036, and 2020-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort, and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort, and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort, and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system, and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort, and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-061 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-043
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)):
• Discretionary Funds must be obligated by the end of the succeeding fiscal year after award and expended by the end of the third fiscal year after award.
• Mandatory Funds must be obligated by the end of the fiscal year in which they are awarded if the state also requests Matching Funds. If no Matching Funds are requested for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching Funds must be obligated by the end of the fiscal year in which they are awarded and liquidated by the end of the succeeding fiscal year after award.
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security (CARES) and the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2022-043, 2021-037, and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.66 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii) Mandatory Funds for States that do not request Matching Funds are available until expended.
(3) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-062 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Service
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-044
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures and could not test whether the reports were accurate and complete. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of childcare expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendations
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the number of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure childcare payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-063 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Child Care and Development Fund.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families (Department) administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. The Department subawards federal funds to the program’s only subrecipient, Washington State Child Care Resources – Child Care Aware. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding, including about $17.8 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made a subaward or subaward amendment. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
Each month, a designated employee uses the Contracts and Procurement System to run a report to view open federal grants. The Department uses this system to manage all early learning contracts, both for contractors and subrecipients. Once the preparer has obtained the grant information, they enter all eligible subawards for the reporting month, including all the subaward key elements into FSRS. Before submitting the report, a designated manager reviews and approves it. There were 12 CCDF subawards and amendments that were required to be reported in fiscal year 2023, totaling $20.2 million.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the CCDF program.
During the audit period, the Department was required to report about $20.2 million of program funds that it awarded to its subrecipient through 12 new and amended subawards. We examined all 12 subawards and found that nine (75 percent), totaling $1.6 million, were not reported in FSRS.
Additionally, for the three reports that were filed, we found that two (16.7 percent) misreported the subaward amount. Specifically, one subaward amount was overstated, and the other subaward amount was understated. The total amount under/overreported was $41,480.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department has written procedures in place to ensure the required reports are submitted, but staff did not file all of them during the audit period. Additionally, management did not review the reports before or after submitting them to ensure they were accurate and complete.
Effect of Condition
Filing inaccurate reports or failing to submit them when required diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports
• Follow its own policies and procedures for filing required reports
• Ensure management monitors to ensure future reports required by the Act are submitted accurately and completely
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department experienced a high level of staff turnover and vacancy rates resulting in missed and inaccurate Federal Funding Accountability and Transparency Act reporting. The Department is committed to strengthening internal controls and complying with federal requirements and will review written policies and procedures with cost allocation and grant management staff.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.)
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-064 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-045
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent about $547.2 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require non–relative FFN providers to complete health and safety training within 90 days of their subsidy payment start date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for non-relative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and conducts the ongoing training requirements with the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the eight prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015–024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,358 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 14 instances (24 percent) where providers did not receive their required annual monitoring visit. Of the remaining 45 providers that did receive a monitoring visit, we identified 13 instances (29 percent) where the licensor did not conduct the appropriate follow-up visit on noncompliance issues.
Non-relative FFN provider initial training
The Department was not able to identify complete populations of FFN providers for the purposes of our initial training testing. We randomly selected 21 out of 197 FFN providers that Department officials said were required to complete initial training. Of those reviewed, we determined nine of the providers did not meet the criteria for testing because they were not subject to initial training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
Non-relative FFN provider ongoing training and annual technical visits
The Department was not able to identify complete populations of FFN providers for the purposes of our ongoing training and technical visit testing. We randomly selected 11 out of 53 FFN providers that Department officials said were required to complete ongoing training and have a technical visit. Of those reviewed, we determined one of the providers did not meet the criteria for testing because they were not subject to ongoing training or annual technical visits since they were relative providers. Of the remaining providers that were applicable to our testing, we found one instance where the provider did not complete their technical visit, but they did receive ongoing training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 14 of the 59 monitoring visits we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring visits and follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
Management did not monitor sufficiently to ensure that staff completed technical visits. Further, due to system limitations, the Department did not effectively identify during the audit period which providers were subject to training and technical visit requirements.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not completing monitoring visits or following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements. Further, not following up on noncompliance violations in a timely manner can put children in jeopardy of harm, neglect, and unhealthy environments.
Non-relative FFN provider initial training, ongoing training, and technical visits
By not conducting all required technical visits, the Department did not have assurance that providers met health and safety requirements. System limitations and the inability to obtain a complete population for sampling and testing created a condition that prevented our Office from fully auditing the Department’s compliance with these requirements.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Ensure management follows established policies and procedures to ensure non-relative FFN providers complete their required initial training, ongoing training, and receive technical visits
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the Auditor’s specific findings, the Department concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
Due to the COVID-19 pandemic, the Department experienced a high level of child care licensor turnover. The Department focused available resources on assisting new and current providers to ensure access to child care for families, first responders, and health care workers. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all monitoring visits and was unable to send licensing staff to assist other offices with this work. Starting in fall 2022, the Department began work to recruit new staff and train them on child care licensing rules and regulations to address turnover; however, this effort takes time, due to the extensive training we give our staff. These efforts are demonstrating strong commitments to improvements in the health and safety compliance for child care providers. As of November 2023, the Department is on target for 100% compliance with monitoring visits even with a 4.1% increase in child care providers during federal fiscal year 2023.
As part of its quality improvement initiates, the Department has implementing data driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance. In addition, the Department has implemented new recruitment and training plans for child care licensors. In November 2022, the Department added a new position to assist supervisors with onboarding and training of all new staff hired. The Department concurs that health and safety monitoring visits were not properly completed during the audit period and is confident that corrective actions taken will improve this area moving forward. The Department is focusing resources to strengthening internal controls around all health and safety requirements.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
The Department tracks health and safety requirements for FFN providers using the limited tools and fields currently available in WA Compass. The WA Compass system was implemented for licensed child care providers and has not been fully developed for the FFN provider type. The State Auditor’s Office requested data from the WA Compass system for their audit testing in a format the system does not currently support. Due to the fluid nature of the FFN providers, and their payment start dates, the Department was unable to pull data that reflected only providers with open authorizations during the audit period. Further, WA Compass does not currently include all health and safety requirements for FFN providers. The Department has dedicated staff resources to update WA Compass to include all health and safety requirements for FFNs and address data format issues. Staff will continue to track and monitor FFN health and safety requirements with available tools until all system development is completed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1.A provider described in WAC 110-16-0015(4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015(4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015(4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
c. Prevention and control of infectious diseases;
d. Emergency preparedness and response planning for natural disasters and human-caused events;
e. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
f. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
(1) A provider described in WAC 110-16-0015(4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
(2) The purpose of the visit is to:
(a) Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
(b) Observe the provider’s interactions with the child, and discuss health and safety practices;
(c) Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
(d) Provide regional contact information for FFN child care services and resources.
(3) A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
(4) At the annual, scheduled visit, the provider must show, unless previously provided to the department:
(a) Proof of identity;
(b) Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
(c) Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
(d) Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
(e) The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2023-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $356,042,172
Prior Year Audit Finding: Yes, Finding 2022-041
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2023, the Department spent more than $356 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes, and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple CCDF federal grant awards, and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2022-041, 2021-033, 2020-038, 2019-035, 2018–034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8–13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments with federal CCDF funds in the audit period was $356,042,172. The Department also partially funded these payments with an additional $48,941,302 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $356,042,172 in federal program costs the Department incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with client eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-036
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2023, the Department spent more than $356 million in CCDF and $107.3 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of
July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60 percent of the state median income at application or 65 percent of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and hourly wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a client is eligible for one year unless a change in income causes the client to exceed 65 percent of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 11 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over and did not comply with client eligibility requirements for CCDF and TANF.
During the audit period, the Department determined 61,140 children were eligible for child care. We used a statistical sampling method to randomly select and examine 59 of these determinations. In three instances (5.1 percent), we found the Department made eligibility determinations improperly, or did not verify information before authorizing services. Specifically, we found:
• One case (1.7 percent) where the Department had incorrectly determined household composition and did not obtain sufficient data for all parents in the household to make an accurate eligibility determination.
• Two cases (3.4 percent) where the Department did not follow procedure for verifying the approved activity, which led to an incorrect eligibility determination.
Though the Department has established internal controls, they were insufficient for ensuring material compliance with client eligibility requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department staff made eligibility determinations without obtaining sufficient supporting documentation to ensure households were eligible to receive assistance. This deviated from the standard policies and procedures the Department has established, and management did not monitor sufficiently to ensure staff made proper eligibility determinations.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendations
We recommend the Department improve its internal controls over determining client eligibility to ensure it:
• Reviews eligibility determinations sufficiently to detect improper eligibility determinations
• Reviews sufficient support for household composition information for accuracy
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective. Further, we appreciate SAO’s work with us over the several past years to strengthen internal controls for eligibility through the auditing process. The Statewide Single Audit (SWSA) is an important tool in the Department’s continuous quality improvement efforts and together with the Department’s internal controls has helped reduce the audit exceptions to three with zero questioned costs.
The Department continues to access data across available state systems to confirm information, including household composition provided by clients. Unfortunately, there is no household composition verification system, and information provided to other state agencies is often provided by client self-attestation. The Department continues to balance verification requirements with providing timely benefit decisions to support family access to high quality child care. Additionally, the Department is being intentional in updating our learning resources for eligibility staff. Information from this and future audits will be used to update training. The Department will continue our internal control and quality improvement efforts and activities to build and maintain our eligibility case accuracy.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code (WAC) 110-15-0015 – Determining family size, states in part:
1. DCYF determines a consumer’s family size as follows:
a. For a single parent, including a minor parent living independently, DCYF counts the consumer and the consumer’s children;
b. For unmarried parents who have at least one mutual child, DCYF counts both parents and all of their children living in the household;
c. Unmarried parents who have no mutual children are counted as separate WCCC households, the unmarried parents and their respective children living in the household;
d. For married parents, DCYF counts both parents and all of their children living in the household;
e. For parents who are undocumented aliens as defined in WAC 388-424-0001, DCYF counts the parents and children, documented and undocumented, and all other family rules in this section apply. Children needing care must meet citizenship requirements described in WAC 110-15-0005;
f. For a legal guardian verified by a legal or court document, adult sibling or step-sibling, nephew, niece, aunt, uncle, grandparent, any of these relatives with the prefix “great,” such as a “great-nephew,” or an in loco parentis custodian who is not related to the child as described in WAC 110-15-0005, DCYF counts only the children and only the children’s income is counted;
g. For a parent who is out of the household because of employer requirements, such as training or military service, and expected to return to the household, DCYF counts the consumer, the absent parent, and the children;
h. For a parent who is voluntarily out of the household for reasons other than requirements of the employer, such as unapproved schooling and visiting family members, and is expected to return to the household, DCYF counts the consumer, the absent parent, and the children. WAC 110-15-0020 and all other family and household rules in this section apply;
i. For a parent who is out of the country and waiting for legal reentry in to the United States, DCYF counts only the consumer and children residing in the United States and all other family and household rules in this section apply;
j. An incarcerated parent is not part of the household count for determining income and eligibility. DCYF counts the remaining household members using all other family rules in this section; and
k. For a parent incarcerated at a Washington state correctional facility whose child lives with them at the facility, DCYF counts the parent and child as their own household.
2. When the household consists of the consumer’s own child and another child identified in subsection (1)(f) of this section, the household may be combined into one household or kept as distinct households for the benefit of the consumer.
WAC 110-15-0040 – Approved activities for applicants and consumers participating in WorkFirst, states:
1. Applicants and consumers who participate in WorkFirst activities may be eligible for WCCC benefits for the following approved activities in their individual responsibility plans (IRPs), for up to a maximum of sixteen hours per day, including:
a. An approved WorkFirst activity under WAC 388-310-0200, with the following exception: In-home/relative providers who are paid child care subsidies to care for children receiving WCCC benefits may not receive those benefits for their own children during the hours in which they provide subsidized child care. These consumers may be eligible for other approved activities in their IRPs;
b. Employment as defined in WAC 110-15-0003;
c. Self-employment as defined in WAC 110-15-0003 and as described in the consumer's current WorkFirst IRP;
d. Travel time between the child care location and the consumer’s place of employment or approved activity;
e. Up to ten hours per week of study time for approved classes;
f. Up to eight hours of sleep time before or after a night shift; and
g. Any activity approved by tribal TANF.
2. WorkFirst consumers participating in approved activities for at least one hundred ten hours per month as described in WAC 110-15-0190 are considered to have a schedule of Monday through Friday, 8:00 a.m. to 5:00 p.m., except when:
a. The consumer’s IRP specifies a different schedule; or
b. Verified differently by the consumer.
WAC 110-15-0045 – Approved activities for applicants and consumers not participating in WorkFirst, states:
1. Applicants and consumers not participating in WorkFirst activities may be eligible for WCCC benefits for the following approved activities:
a. Employment;
b. Self-employment;
c. Supplemental nutrition assistance program employment and training (SNAP E&T); or
d. The following education programs:
i. High school or working towards a high school equivalency certificate for consumers under 22 years of age;
ii. Part-time enrollment in a vocational education, adult basic education (ABE), high school equivalency certificate for consumers 22 years of age and older, or English as a second language (ESL) program combined with an average of 20 or more employment hours per week or 16 more work-study hours per week; or
iii. For full-time students of a community, technical, or tribal college, enrollment in:
A. A vocational education program that leads to a degree or certificate in a specific occupation;
B. An associate degree program; or
C. A registered apprenticeship program.
iv. “Full-time student” for the purpose of this subsection means a consumer attends a community, technical, or tribal college and meets its definition of full-time student.
(e) Applicants and consumers who meet the requirements of (c) of this subsection are eligible to receive subsidy payment for up to 10 hours per week of study time for approved classes.
2.Applicants and consumers who are eligible for WCCC benefits under the terms of this section are eligible to receive subsidy payment for:
a. Transportation time between the child care location and the consumer’s place of employment or approved activity; and Up to eight hours of sleep time before or after a night shift.
2023-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-042
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort, and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort, and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2022-042, 2021-036, and 2020-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort, and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort, and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort, and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system, and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort, and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-061 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-043
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)):
• Discretionary Funds must be obligated by the end of the succeeding fiscal year after award and expended by the end of the third fiscal year after award.
• Mandatory Funds must be obligated by the end of the fiscal year in which they are awarded if the state also requests Matching Funds. If no Matching Funds are requested for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching Funds must be obligated by the end of the fiscal year in which they are awarded and liquidated by the end of the succeeding fiscal year after award.
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security (CARES) and the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2022-043, 2021-037, and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.66 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii) Mandatory Funds for States that do not request Matching Funds are available until expended.
(3) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-062 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Service
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-044
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures and could not test whether the reports were accurate and complete. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of childcare expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendations
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the number of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure childcare payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-063 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Child Care and Development Fund.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families (Department) administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. The Department subawards federal funds to the program’s only subrecipient, Washington State Child Care Resources – Child Care Aware. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding, including about $17.8 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made a subaward or subaward amendment. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
Each month, a designated employee uses the Contracts and Procurement System to run a report to view open federal grants. The Department uses this system to manage all early learning contracts, both for contractors and subrecipients. Once the preparer has obtained the grant information, they enter all eligible subawards for the reporting month, including all the subaward key elements into FSRS. Before submitting the report, a designated manager reviews and approves it. There were 12 CCDF subawards and amendments that were required to be reported in fiscal year 2023, totaling $20.2 million.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the CCDF program.
During the audit period, the Department was required to report about $20.2 million of program funds that it awarded to its subrecipient through 12 new and amended subawards. We examined all 12 subawards and found that nine (75 percent), totaling $1.6 million, were not reported in FSRS.
Additionally, for the three reports that were filed, we found that two (16.7 percent) misreported the subaward amount. Specifically, one subaward amount was overstated, and the other subaward amount was understated. The total amount under/overreported was $41,480.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department has written procedures in place to ensure the required reports are submitted, but staff did not file all of them during the audit period. Additionally, management did not review the reports before or after submitting them to ensure they were accurate and complete.
Effect of Condition
Filing inaccurate reports or failing to submit them when required diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports
• Follow its own policies and procedures for filing required reports
• Ensure management monitors to ensure future reports required by the Act are submitted accurately and completely
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department experienced a high level of staff turnover and vacancy rates resulting in missed and inaccurate Federal Funding Accountability and Transparency Act reporting. The Department is committed to strengthening internal controls and complying with federal requirements and will review written policies and procedures with cost allocation and grant management staff.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.)
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-064 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-045
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent about $547.2 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require non–relative FFN providers to complete health and safety training within 90 days of their subsidy payment start date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for non-relative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and conducts the ongoing training requirements with the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the eight prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015–024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,358 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 14 instances (24 percent) where providers did not receive their required annual monitoring visit. Of the remaining 45 providers that did receive a monitoring visit, we identified 13 instances (29 percent) where the licensor did not conduct the appropriate follow-up visit on noncompliance issues.
Non-relative FFN provider initial training
The Department was not able to identify complete populations of FFN providers for the purposes of our initial training testing. We randomly selected 21 out of 197 FFN providers that Department officials said were required to complete initial training. Of those reviewed, we determined nine of the providers did not meet the criteria for testing because they were not subject to initial training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
Non-relative FFN provider ongoing training and annual technical visits
The Department was not able to identify complete populations of FFN providers for the purposes of our ongoing training and technical visit testing. We randomly selected 11 out of 53 FFN providers that Department officials said were required to complete ongoing training and have a technical visit. Of those reviewed, we determined one of the providers did not meet the criteria for testing because they were not subject to ongoing training or annual technical visits since they were relative providers. Of the remaining providers that were applicable to our testing, we found one instance where the provider did not complete their technical visit, but they did receive ongoing training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 14 of the 59 monitoring visits we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring visits and follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
Management did not monitor sufficiently to ensure that staff completed technical visits. Further, due to system limitations, the Department did not effectively identify during the audit period which providers were subject to training and technical visit requirements.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not completing monitoring visits or following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements. Further, not following up on noncompliance violations in a timely manner can put children in jeopardy of harm, neglect, and unhealthy environments.
Non-relative FFN provider initial training, ongoing training, and technical visits
By not conducting all required technical visits, the Department did not have assurance that providers met health and safety requirements. System limitations and the inability to obtain a complete population for sampling and testing created a condition that prevented our Office from fully auditing the Department’s compliance with these requirements.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Ensure management follows established policies and procedures to ensure non-relative FFN providers complete their required initial training, ongoing training, and receive technical visits
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the Auditor’s specific findings, the Department concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
Due to the COVID-19 pandemic, the Department experienced a high level of child care licensor turnover. The Department focused available resources on assisting new and current providers to ensure access to child care for families, first responders, and health care workers. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all monitoring visits and was unable to send licensing staff to assist other offices with this work. Starting in fall 2022, the Department began work to recruit new staff and train them on child care licensing rules and regulations to address turnover; however, this effort takes time, due to the extensive training we give our staff. These efforts are demonstrating strong commitments to improvements in the health and safety compliance for child care providers. As of November 2023, the Department is on target for 100% compliance with monitoring visits even with a 4.1% increase in child care providers during federal fiscal year 2023.
As part of its quality improvement initiates, the Department has implementing data driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance. In addition, the Department has implemented new recruitment and training plans for child care licensors. In November 2022, the Department added a new position to assist supervisors with onboarding and training of all new staff hired. The Department concurs that health and safety monitoring visits were not properly completed during the audit period and is confident that corrective actions taken will improve this area moving forward. The Department is focusing resources to strengthening internal controls around all health and safety requirements.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
The Department tracks health and safety requirements for FFN providers using the limited tools and fields currently available in WA Compass. The WA Compass system was implemented for licensed child care providers and has not been fully developed for the FFN provider type. The State Auditor’s Office requested data from the WA Compass system for their audit testing in a format the system does not currently support. Due to the fluid nature of the FFN providers, and their payment start dates, the Department was unable to pull data that reflected only providers with open authorizations during the audit period. Further, WA Compass does not currently include all health and safety requirements for FFN providers. The Department has dedicated staff resources to update WA Compass to include all health and safety requirements for FFNs and address data format issues. Staff will continue to track and monitor FFN health and safety requirements with available tools until all system development is completed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1.A provider described in WAC 110-16-0015(4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015(4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015(4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
c. Prevention and control of infectious diseases;
d. Emergency preparedness and response planning for natural disasters and human-caused events;
e. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
f. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
(1) A provider described in WAC 110-16-0015(4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
(2) The purpose of the visit is to:
(a) Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
(b) Observe the provider’s interactions with the child, and discuss health and safety practices;
(c) Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
(d) Provide regional contact information for FFN child care services and resources.
(3) A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
(4) At the annual, scheduled visit, the provider must show, unless previously provided to the department:
(a) Proof of identity;
(b) Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
(c) Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
(d) Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
(e) The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2023-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $356,042,172
Prior Year Audit Finding: Yes, Finding 2022-041
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2023, the Department spent more than $356 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes, and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple CCDF federal grant awards, and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2022-041, 2021-033, 2020-038, 2019-035, 2018–034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8–13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments with federal CCDF funds in the audit period was $356,042,172. The Department also partially funded these payments with an additional $48,941,302 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $356,042,172 in federal program costs the Department incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with client eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-036
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2023, the Department spent more than $356 million in CCDF and $107.3 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of
July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60 percent of the state median income at application or 65 percent of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and hourly wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a client is eligible for one year unless a change in income causes the client to exceed 65 percent of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 11 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over and did not comply with client eligibility requirements for CCDF and TANF.
During the audit period, the Department determined 61,140 children were eligible for child care. We used a statistical sampling method to randomly select and examine 59 of these determinations. In three instances (5.1 percent), we found the Department made eligibility determinations improperly, or did not verify information before authorizing services. Specifically, we found:
• One case (1.7 percent) where the Department had incorrectly determined household composition and did not obtain sufficient data for all parents in the household to make an accurate eligibility determination.
• Two cases (3.4 percent) where the Department did not follow procedure for verifying the approved activity, which led to an incorrect eligibility determination.
Though the Department has established internal controls, they were insufficient for ensuring material compliance with client eligibility requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department staff made eligibility determinations without obtaining sufficient supporting documentation to ensure households were eligible to receive assistance. This deviated from the standard policies and procedures the Department has established, and management did not monitor sufficiently to ensure staff made proper eligibility determinations.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendations
We recommend the Department improve its internal controls over determining client eligibility to ensure it:
• Reviews eligibility determinations sufficiently to detect improper eligibility determinations
• Reviews sufficient support for household composition information for accuracy
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective. Further, we appreciate SAO’s work with us over the several past years to strengthen internal controls for eligibility through the auditing process. The Statewide Single Audit (SWSA) is an important tool in the Department’s continuous quality improvement efforts and together with the Department’s internal controls has helped reduce the audit exceptions to three with zero questioned costs.
The Department continues to access data across available state systems to confirm information, including household composition provided by clients. Unfortunately, there is no household composition verification system, and information provided to other state agencies is often provided by client self-attestation. The Department continues to balance verification requirements with providing timely benefit decisions to support family access to high quality child care. Additionally, the Department is being intentional in updating our learning resources for eligibility staff. Information from this and future audits will be used to update training. The Department will continue our internal control and quality improvement efforts and activities to build and maintain our eligibility case accuracy.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code (WAC) 110-15-0015 – Determining family size, states in part:
1. DCYF determines a consumer’s family size as follows:
a. For a single parent, including a minor parent living independently, DCYF counts the consumer and the consumer’s children;
b. For unmarried parents who have at least one mutual child, DCYF counts both parents and all of their children living in the household;
c. Unmarried parents who have no mutual children are counted as separate WCCC households, the unmarried parents and their respective children living in the household;
d. For married parents, DCYF counts both parents and all of their children living in the household;
e. For parents who are undocumented aliens as defined in WAC 388-424-0001, DCYF counts the parents and children, documented and undocumented, and all other family rules in this section apply. Children needing care must meet citizenship requirements described in WAC 110-15-0005;
f. For a legal guardian verified by a legal or court document, adult sibling or step-sibling, nephew, niece, aunt, uncle, grandparent, any of these relatives with the prefix “great,” such as a “great-nephew,” or an in loco parentis custodian who is not related to the child as described in WAC 110-15-0005, DCYF counts only the children and only the children’s income is counted;
g. For a parent who is out of the household because of employer requirements, such as training or military service, and expected to return to the household, DCYF counts the consumer, the absent parent, and the children;
h. For a parent who is voluntarily out of the household for reasons other than requirements of the employer, such as unapproved schooling and visiting family members, and is expected to return to the household, DCYF counts the consumer, the absent parent, and the children. WAC 110-15-0020 and all other family and household rules in this section apply;
i. For a parent who is out of the country and waiting for legal reentry in to the United States, DCYF counts only the consumer and children residing in the United States and all other family and household rules in this section apply;
j. An incarcerated parent is not part of the household count for determining income and eligibility. DCYF counts the remaining household members using all other family rules in this section; and
k. For a parent incarcerated at a Washington state correctional facility whose child lives with them at the facility, DCYF counts the parent and child as their own household.
2. When the household consists of the consumer’s own child and another child identified in subsection (1)(f) of this section, the household may be combined into one household or kept as distinct households for the benefit of the consumer.
WAC 110-15-0040 – Approved activities for applicants and consumers participating in WorkFirst, states:
1. Applicants and consumers who participate in WorkFirst activities may be eligible for WCCC benefits for the following approved activities in their individual responsibility plans (IRPs), for up to a maximum of sixteen hours per day, including:
a. An approved WorkFirst activity under WAC 388-310-0200, with the following exception: In-home/relative providers who are paid child care subsidies to care for children receiving WCCC benefits may not receive those benefits for their own children during the hours in which they provide subsidized child care. These consumers may be eligible for other approved activities in their IRPs;
b. Employment as defined in WAC 110-15-0003;
c. Self-employment as defined in WAC 110-15-0003 and as described in the consumer's current WorkFirst IRP;
d. Travel time between the child care location and the consumer’s place of employment or approved activity;
e. Up to ten hours per week of study time for approved classes;
f. Up to eight hours of sleep time before or after a night shift; and
g. Any activity approved by tribal TANF.
2. WorkFirst consumers participating in approved activities for at least one hundred ten hours per month as described in WAC 110-15-0190 are considered to have a schedule of Monday through Friday, 8:00 a.m. to 5:00 p.m., except when:
a. The consumer’s IRP specifies a different schedule; or
b. Verified differently by the consumer.
WAC 110-15-0045 – Approved activities for applicants and consumers not participating in WorkFirst, states:
1. Applicants and consumers not participating in WorkFirst activities may be eligible for WCCC benefits for the following approved activities:
a. Employment;
b. Self-employment;
c. Supplemental nutrition assistance program employment and training (SNAP E&T); or
d. The following education programs:
i. High school or working towards a high school equivalency certificate for consumers under 22 years of age;
ii. Part-time enrollment in a vocational education, adult basic education (ABE), high school equivalency certificate for consumers 22 years of age and older, or English as a second language (ESL) program combined with an average of 20 or more employment hours per week or 16 more work-study hours per week; or
iii. For full-time students of a community, technical, or tribal college, enrollment in:
A. A vocational education program that leads to a degree or certificate in a specific occupation;
B. An associate degree program; or
C. A registered apprenticeship program.
iv. “Full-time student” for the purpose of this subsection means a consumer attends a community, technical, or tribal college and meets its definition of full-time student.
(e) Applicants and consumers who meet the requirements of (c) of this subsection are eligible to receive subsidy payment for up to 10 hours per week of study time for approved classes.
2.Applicants and consumers who are eligible for WCCC benefits under the terms of this section are eligible to receive subsidy payment for:
a. Transportation time between the child care location and the consumer’s place of employment or approved activity; and Up to eight hours of sleep time before or after a night shift.
2023-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-042
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort, and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort, and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2022-042, 2021-036, and 2020-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort, and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort, and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort, and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system, and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort, and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-061 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-043
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)):
• Discretionary Funds must be obligated by the end of the succeeding fiscal year after award and expended by the end of the third fiscal year after award.
• Mandatory Funds must be obligated by the end of the fiscal year in which they are awarded if the state also requests Matching Funds. If no Matching Funds are requested for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching Funds must be obligated by the end of the fiscal year in which they are awarded and liquidated by the end of the succeeding fiscal year after award.
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security (CARES) and the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2022-043, 2021-037, and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.66 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii) Mandatory Funds for States that do not request Matching Funds are available until expended.
(3) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-062 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Service
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-044
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures and could not test whether the reports were accurate and complete. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of childcare expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendations
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the number of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure childcare payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-063 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Child Care and Development Fund.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families (Department) administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. The Department subawards federal funds to the program’s only subrecipient, Washington State Child Care Resources – Child Care Aware. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding, including about $17.8 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made a subaward or subaward amendment. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
Each month, a designated employee uses the Contracts and Procurement System to run a report to view open federal grants. The Department uses this system to manage all early learning contracts, both for contractors and subrecipients. Once the preparer has obtained the grant information, they enter all eligible subawards for the reporting month, including all the subaward key elements into FSRS. Before submitting the report, a designated manager reviews and approves it. There were 12 CCDF subawards and amendments that were required to be reported in fiscal year 2023, totaling $20.2 million.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the CCDF program.
During the audit period, the Department was required to report about $20.2 million of program funds that it awarded to its subrecipient through 12 new and amended subawards. We examined all 12 subawards and found that nine (75 percent), totaling $1.6 million, were not reported in FSRS.
Additionally, for the three reports that were filed, we found that two (16.7 percent) misreported the subaward amount. Specifically, one subaward amount was overstated, and the other subaward amount was understated. The total amount under/overreported was $41,480.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department has written procedures in place to ensure the required reports are submitted, but staff did not file all of them during the audit period. Additionally, management did not review the reports before or after submitting them to ensure they were accurate and complete.
Effect of Condition
Filing inaccurate reports or failing to submit them when required diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports
• Follow its own policies and procedures for filing required reports
• Ensure management monitors to ensure future reports required by the Act are submitted accurately and completely
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department experienced a high level of staff turnover and vacancy rates resulting in missed and inaccurate Federal Funding Accountability and Transparency Act reporting. The Department is committed to strengthening internal controls and complying with federal requirements and will review written policies and procedures with cost allocation and grant management staff.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.)
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-064 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-045
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent about $547.2 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require non–relative FFN providers to complete health and safety training within 90 days of their subsidy payment start date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for non-relative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and conducts the ongoing training requirements with the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the eight prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015–024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,358 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 14 instances (24 percent) where providers did not receive their required annual monitoring visit. Of the remaining 45 providers that did receive a monitoring visit, we identified 13 instances (29 percent) where the licensor did not conduct the appropriate follow-up visit on noncompliance issues.
Non-relative FFN provider initial training
The Department was not able to identify complete populations of FFN providers for the purposes of our initial training testing. We randomly selected 21 out of 197 FFN providers that Department officials said were required to complete initial training. Of those reviewed, we determined nine of the providers did not meet the criteria for testing because they were not subject to initial training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
Non-relative FFN provider ongoing training and annual technical visits
The Department was not able to identify complete populations of FFN providers for the purposes of our ongoing training and technical visit testing. We randomly selected 11 out of 53 FFN providers that Department officials said were required to complete ongoing training and have a technical visit. Of those reviewed, we determined one of the providers did not meet the criteria for testing because they were not subject to ongoing training or annual technical visits since they were relative providers. Of the remaining providers that were applicable to our testing, we found one instance where the provider did not complete their technical visit, but they did receive ongoing training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 14 of the 59 monitoring visits we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring visits and follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
Management did not monitor sufficiently to ensure that staff completed technical visits. Further, due to system limitations, the Department did not effectively identify during the audit period which providers were subject to training and technical visit requirements.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not completing monitoring visits or following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements. Further, not following up on noncompliance violations in a timely manner can put children in jeopardy of harm, neglect, and unhealthy environments.
Non-relative FFN provider initial training, ongoing training, and technical visits
By not conducting all required technical visits, the Department did not have assurance that providers met health and safety requirements. System limitations and the inability to obtain a complete population for sampling and testing created a condition that prevented our Office from fully auditing the Department’s compliance with these requirements.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Ensure management follows established policies and procedures to ensure non-relative FFN providers complete their required initial training, ongoing training, and receive technical visits
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the Auditor’s specific findings, the Department concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
Due to the COVID-19 pandemic, the Department experienced a high level of child care licensor turnover. The Department focused available resources on assisting new and current providers to ensure access to child care for families, first responders, and health care workers. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all monitoring visits and was unable to send licensing staff to assist other offices with this work. Starting in fall 2022, the Department began work to recruit new staff and train them on child care licensing rules and regulations to address turnover; however, this effort takes time, due to the extensive training we give our staff. These efforts are demonstrating strong commitments to improvements in the health and safety compliance for child care providers. As of November 2023, the Department is on target for 100% compliance with monitoring visits even with a 4.1% increase in child care providers during federal fiscal year 2023.
As part of its quality improvement initiates, the Department has implementing data driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance. In addition, the Department has implemented new recruitment and training plans for child care licensors. In November 2022, the Department added a new position to assist supervisors with onboarding and training of all new staff hired. The Department concurs that health and safety monitoring visits were not properly completed during the audit period and is confident that corrective actions taken will improve this area moving forward. The Department is focusing resources to strengthening internal controls around all health and safety requirements.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
The Department tracks health and safety requirements for FFN providers using the limited tools and fields currently available in WA Compass. The WA Compass system was implemented for licensed child care providers and has not been fully developed for the FFN provider type. The State Auditor’s Office requested data from the WA Compass system for their audit testing in a format the system does not currently support. Due to the fluid nature of the FFN providers, and their payment start dates, the Department was unable to pull data that reflected only providers with open authorizations during the audit period. Further, WA Compass does not currently include all health and safety requirements for FFN providers. The Department has dedicated staff resources to update WA Compass to include all health and safety requirements for FFNs and address data format issues. Staff will continue to track and monitor FFN health and safety requirements with available tools until all system development is completed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1.A provider described in WAC 110-16-0015(4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015(4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015(4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
c. Prevention and control of infectious diseases;
d. Emergency preparedness and response planning for natural disasters and human-caused events;
e. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
f. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
(1) A provider described in WAC 110-16-0015(4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
(2) The purpose of the visit is to:
(a) Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
(b) Observe the provider’s interactions with the child, and discuss health and safety practices;
(c) Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
(d) Provide regional contact information for FFN child care services and resources.
(3) A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
(4) At the annual, scheduled visit, the provider must show, unless previously provided to the department:
(a) Proof of identity;
(b) Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
(c) Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
(d) Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
(e) The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2023-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $356,042,172
Prior Year Audit Finding: Yes, Finding 2022-041
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2023, the Department spent more than $356 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes, and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple CCDF federal grant awards, and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2022-041, 2021-033, 2020-038, 2019-035, 2018–034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8–13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments with federal CCDF funds in the audit period was $356,042,172. The Department also partially funded these payments with an additional $48,941,302 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $356,042,172 in federal program costs the Department incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with client eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-036
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2023, the Department spent more than $356 million in CCDF and $107.3 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of
July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60 percent of the state median income at application or 65 percent of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and hourly wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a client is eligible for one year unless a change in income causes the client to exceed 65 percent of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 11 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over and did not comply with client eligibility requirements for CCDF and TANF.
During the audit period, the Department determined 61,140 children were eligible for child care. We used a statistical sampling method to randomly select and examine 59 of these determinations. In three instances (5.1 percent), we found the Department made eligibility determinations improperly, or did not verify information before authorizing services. Specifically, we found:
• One case (1.7 percent) where the Department had incorrectly determined household composition and did not obtain sufficient data for all parents in the household to make an accurate eligibility determination.
• Two cases (3.4 percent) where the Department did not follow procedure for verifying the approved activity, which led to an incorrect eligibility determination.
Though the Department has established internal controls, they were insufficient for ensuring material compliance with client eligibility requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department staff made eligibility determinations without obtaining sufficient supporting documentation to ensure households were eligible to receive assistance. This deviated from the standard policies and procedures the Department has established, and management did not monitor sufficiently to ensure staff made proper eligibility determinations.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendations
We recommend the Department improve its internal controls over determining client eligibility to ensure it:
• Reviews eligibility determinations sufficiently to detect improper eligibility determinations
• Reviews sufficient support for household composition information for accuracy
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective. Further, we appreciate SAO’s work with us over the several past years to strengthen internal controls for eligibility through the auditing process. The Statewide Single Audit (SWSA) is an important tool in the Department’s continuous quality improvement efforts and together with the Department’s internal controls has helped reduce the audit exceptions to three with zero questioned costs.
The Department continues to access data across available state systems to confirm information, including household composition provided by clients. Unfortunately, there is no household composition verification system, and information provided to other state agencies is often provided by client self-attestation. The Department continues to balance verification requirements with providing timely benefit decisions to support family access to high quality child care. Additionally, the Department is being intentional in updating our learning resources for eligibility staff. Information from this and future audits will be used to update training. The Department will continue our internal control and quality improvement efforts and activities to build and maintain our eligibility case accuracy.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code (WAC) 110-15-0015 – Determining family size, states in part:
1. DCYF determines a consumer’s family size as follows:
a. For a single parent, including a minor parent living independently, DCYF counts the consumer and the consumer’s children;
b. For unmarried parents who have at least one mutual child, DCYF counts both parents and all of their children living in the household;
c. Unmarried parents who have no mutual children are counted as separate WCCC households, the unmarried parents and their respective children living in the household;
d. For married parents, DCYF counts both parents and all of their children living in the household;
e. For parents who are undocumented aliens as defined in WAC 388-424-0001, DCYF counts the parents and children, documented and undocumented, and all other family rules in this section apply. Children needing care must meet citizenship requirements described in WAC 110-15-0005;
f. For a legal guardian verified by a legal or court document, adult sibling or step-sibling, nephew, niece, aunt, uncle, grandparent, any of these relatives with the prefix “great,” such as a “great-nephew,” or an in loco parentis custodian who is not related to the child as described in WAC 110-15-0005, DCYF counts only the children and only the children’s income is counted;
g. For a parent who is out of the household because of employer requirements, such as training or military service, and expected to return to the household, DCYF counts the consumer, the absent parent, and the children;
h. For a parent who is voluntarily out of the household for reasons other than requirements of the employer, such as unapproved schooling and visiting family members, and is expected to return to the household, DCYF counts the consumer, the absent parent, and the children. WAC 110-15-0020 and all other family and household rules in this section apply;
i. For a parent who is out of the country and waiting for legal reentry in to the United States, DCYF counts only the consumer and children residing in the United States and all other family and household rules in this section apply;
j. An incarcerated parent is not part of the household count for determining income and eligibility. DCYF counts the remaining household members using all other family rules in this section; and
k. For a parent incarcerated at a Washington state correctional facility whose child lives with them at the facility, DCYF counts the parent and child as their own household.
2. When the household consists of the consumer’s own child and another child identified in subsection (1)(f) of this section, the household may be combined into one household or kept as distinct households for the benefit of the consumer.
WAC 110-15-0040 – Approved activities for applicants and consumers participating in WorkFirst, states:
1. Applicants and consumers who participate in WorkFirst activities may be eligible for WCCC benefits for the following approved activities in their individual responsibility plans (IRPs), for up to a maximum of sixteen hours per day, including:
a. An approved WorkFirst activity under WAC 388-310-0200, with the following exception: In-home/relative providers who are paid child care subsidies to care for children receiving WCCC benefits may not receive those benefits for their own children during the hours in which they provide subsidized child care. These consumers may be eligible for other approved activities in their IRPs;
b. Employment as defined in WAC 110-15-0003;
c. Self-employment as defined in WAC 110-15-0003 and as described in the consumer's current WorkFirst IRP;
d. Travel time between the child care location and the consumer’s place of employment or approved activity;
e. Up to ten hours per week of study time for approved classes;
f. Up to eight hours of sleep time before or after a night shift; and
g. Any activity approved by tribal TANF.
2. WorkFirst consumers participating in approved activities for at least one hundred ten hours per month as described in WAC 110-15-0190 are considered to have a schedule of Monday through Friday, 8:00 a.m. to 5:00 p.m., except when:
a. The consumer’s IRP specifies a different schedule; or
b. Verified differently by the consumer.
WAC 110-15-0045 – Approved activities for applicants and consumers not participating in WorkFirst, states:
1. Applicants and consumers not participating in WorkFirst activities may be eligible for WCCC benefits for the following approved activities:
a. Employment;
b. Self-employment;
c. Supplemental nutrition assistance program employment and training (SNAP E&T); or
d. The following education programs:
i. High school or working towards a high school equivalency certificate for consumers under 22 years of age;
ii. Part-time enrollment in a vocational education, adult basic education (ABE), high school equivalency certificate for consumers 22 years of age and older, or English as a second language (ESL) program combined with an average of 20 or more employment hours per week or 16 more work-study hours per week; or
iii. For full-time students of a community, technical, or tribal college, enrollment in:
A. A vocational education program that leads to a degree or certificate in a specific occupation;
B. An associate degree program; or
C. A registered apprenticeship program.
iv. “Full-time student” for the purpose of this subsection means a consumer attends a community, technical, or tribal college and meets its definition of full-time student.
(e) Applicants and consumers who meet the requirements of (c) of this subsection are eligible to receive subsidy payment for up to 10 hours per week of study time for approved classes.
2.Applicants and consumers who are eligible for WCCC benefits under the terms of this section are eligible to receive subsidy payment for:
a. Transportation time between the child care location and the consumer’s place of employment or approved activity; and Up to eight hours of sleep time before or after a night shift.
2023-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-042
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort, and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort, and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2022-042, 2021-036, and 2020-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort, and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort, and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort, and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system, and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort, and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-061 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-043
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)):
• Discretionary Funds must be obligated by the end of the succeeding fiscal year after award and expended by the end of the third fiscal year after award.
• Mandatory Funds must be obligated by the end of the fiscal year in which they are awarded if the state also requests Matching Funds. If no Matching Funds are requested for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching Funds must be obligated by the end of the fiscal year in which they are awarded and liquidated by the end of the succeeding fiscal year after award.
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security (CARES) and the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2022-043, 2021-037, and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.66 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii) Mandatory Funds for States that do not request Matching Funds are available until expended.
(3) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-062 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Service
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-044
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures and could not test whether the reports were accurate and complete. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of childcare expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendations
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the number of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure childcare payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-063 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Child Care and Development Fund.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families (Department) administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. The Department subawards federal funds to the program’s only subrecipient, Washington State Child Care Resources – Child Care Aware. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding, including about $17.8 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made a subaward or subaward amendment. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
Each month, a designated employee uses the Contracts and Procurement System to run a report to view open federal grants. The Department uses this system to manage all early learning contracts, both for contractors and subrecipients. Once the preparer has obtained the grant information, they enter all eligible subawards for the reporting month, including all the subaward key elements into FSRS. Before submitting the report, a designated manager reviews and approves it. There were 12 CCDF subawards and amendments that were required to be reported in fiscal year 2023, totaling $20.2 million.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the CCDF program.
During the audit period, the Department was required to report about $20.2 million of program funds that it awarded to its subrecipient through 12 new and amended subawards. We examined all 12 subawards and found that nine (75 percent), totaling $1.6 million, were not reported in FSRS.
Additionally, for the three reports that were filed, we found that two (16.7 percent) misreported the subaward amount. Specifically, one subaward amount was overstated, and the other subaward amount was understated. The total amount under/overreported was $41,480.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department has written procedures in place to ensure the required reports are submitted, but staff did not file all of them during the audit period. Additionally, management did not review the reports before or after submitting them to ensure they were accurate and complete.
Effect of Condition
Filing inaccurate reports or failing to submit them when required diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports
• Follow its own policies and procedures for filing required reports
• Ensure management monitors to ensure future reports required by the Act are submitted accurately and completely
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department experienced a high level of staff turnover and vacancy rates resulting in missed and inaccurate Federal Funding Accountability and Transparency Act reporting. The Department is committed to strengthening internal controls and complying with federal requirements and will review written policies and procedures with cost allocation and grant management staff.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.)
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-064 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-045
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent about $547.2 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require non–relative FFN providers to complete health and safety training within 90 days of their subsidy payment start date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for non-relative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and conducts the ongoing training requirements with the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the eight prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015–024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,358 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 14 instances (24 percent) where providers did not receive their required annual monitoring visit. Of the remaining 45 providers that did receive a monitoring visit, we identified 13 instances (29 percent) where the licensor did not conduct the appropriate follow-up visit on noncompliance issues.
Non-relative FFN provider initial training
The Department was not able to identify complete populations of FFN providers for the purposes of our initial training testing. We randomly selected 21 out of 197 FFN providers that Department officials said were required to complete initial training. Of those reviewed, we determined nine of the providers did not meet the criteria for testing because they were not subject to initial training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
Non-relative FFN provider ongoing training and annual technical visits
The Department was not able to identify complete populations of FFN providers for the purposes of our ongoing training and technical visit testing. We randomly selected 11 out of 53 FFN providers that Department officials said were required to complete ongoing training and have a technical visit. Of those reviewed, we determined one of the providers did not meet the criteria for testing because they were not subject to ongoing training or annual technical visits since they were relative providers. Of the remaining providers that were applicable to our testing, we found one instance where the provider did not complete their technical visit, but they did receive ongoing training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 14 of the 59 monitoring visits we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring visits and follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
Management did not monitor sufficiently to ensure that staff completed technical visits. Further, due to system limitations, the Department did not effectively identify during the audit period which providers were subject to training and technical visit requirements.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not completing monitoring visits or following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements. Further, not following up on noncompliance violations in a timely manner can put children in jeopardy of harm, neglect, and unhealthy environments.
Non-relative FFN provider initial training, ongoing training, and technical visits
By not conducting all required technical visits, the Department did not have assurance that providers met health and safety requirements. System limitations and the inability to obtain a complete population for sampling and testing created a condition that prevented our Office from fully auditing the Department’s compliance with these requirements.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Ensure management follows established policies and procedures to ensure non-relative FFN providers complete their required initial training, ongoing training, and receive technical visits
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the Auditor’s specific findings, the Department concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
Due to the COVID-19 pandemic, the Department experienced a high level of child care licensor turnover. The Department focused available resources on assisting new and current providers to ensure access to child care for families, first responders, and health care workers. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all monitoring visits and was unable to send licensing staff to assist other offices with this work. Starting in fall 2022, the Department began work to recruit new staff and train them on child care licensing rules and regulations to address turnover; however, this effort takes time, due to the extensive training we give our staff. These efforts are demonstrating strong commitments to improvements in the health and safety compliance for child care providers. As of November 2023, the Department is on target for 100% compliance with monitoring visits even with a 4.1% increase in child care providers during federal fiscal year 2023.
As part of its quality improvement initiates, the Department has implementing data driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance. In addition, the Department has implemented new recruitment and training plans for child care licensors. In November 2022, the Department added a new position to assist supervisors with onboarding and training of all new staff hired. The Department concurs that health and safety monitoring visits were not properly completed during the audit period and is confident that corrective actions taken will improve this area moving forward. The Department is focusing resources to strengthening internal controls around all health and safety requirements.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
The Department tracks health and safety requirements for FFN providers using the limited tools and fields currently available in WA Compass. The WA Compass system was implemented for licensed child care providers and has not been fully developed for the FFN provider type. The State Auditor’s Office requested data from the WA Compass system for their audit testing in a format the system does not currently support. Due to the fluid nature of the FFN providers, and their payment start dates, the Department was unable to pull data that reflected only providers with open authorizations during the audit period. Further, WA Compass does not currently include all health and safety requirements for FFN providers. The Department has dedicated staff resources to update WA Compass to include all health and safety requirements for FFNs and address data format issues. Staff will continue to track and monitor FFN health and safety requirements with available tools until all system development is completed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1.A provider described in WAC 110-16-0015(4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015(4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015(4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
c. Prevention and control of infectious diseases;
d. Emergency preparedness and response planning for natural disasters and human-caused events;
e. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
f. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
(1) A provider described in WAC 110-16-0015(4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
(2) The purpose of the visit is to:
(a) Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
(b) Observe the provider’s interactions with the child, and discuss health and safety practices;
(c) Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
(d) Provide regional contact information for FFN child care services and resources.
(3) A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
(4) At the annual, scheduled visit, the provider must show, unless previously provided to the department:
(a) Proof of identity;
(b) Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
(c) Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
(d) Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
(e) The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-002 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with required monitoring of subrecipients of the Child and Adult Care Food Program.
Assistance Listing Number and Title: 10.558 Child and Adult Care Food Program
Federal Grantor Name: U.S. Department of Agriculture
Federal Award/Contract Number: 237WAWA3N2020; 227WAWA3N2020
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Child and Adult Care Food Program (CACFP) reimburses child and adult care institutions and family or group day care homes for providing nutritious meals and snacks that contribute to the wellness, healthy growth, and development of young children, and the health and wellness of older adults and people with disabilities.
In Washington, the Office of Superintendent of Public Instruction administers CACFP. The Office spent about $45.5 million in federal funds, more than $44.8 million of which it paid to subrecipients.
The Office is responsible for monitoring all institutions participating in CACFP to ensure compliance with meal pattern, recordkeeping, and other program requirements. Institutions that provide meals can participate through a sponsoring organization that will be financially and administratively responsible, or they can apply directly to the state agency and operate as an independent center.
Federal regulations require the Office to monitor the activities of subrecipients to ensure they use subawards for authorized purposes and in compliance with federal statutes, regulations, and the terms and conditions of the subaward. This monitoring must include reviewing financial and performance reports, and taking timely and appropriate action on all deficiencies pertaining to the federal award.
The federal grantor, the U.S. Department of Agriculture (USDA), requires states to monitor subrecipients at least once every three years. During the COVID-19 pandemic, the USDA granted a gap year and subsequently provided the Office with a waiver reducing the monitoring frequency to once every four years. Based on the waiver and a total of 503 active subrecipients during fiscal year 2023, the Office was required to monitor at least 125 subrecipients.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with required monitoring of subrecipients of the CACFP.
During the audit period, the Office identified 239 subrecipients that required monitoring and assigned them to a monitoring plan for fiscal year 2023. This monitoring plan would meet the USDA’s minimum required monitoring of 125 subrecipients, as well as allow the Office to catch up on all monitoring that was behind schedule since the pandemic gap year.
We examined the Office’s review schedule and quality assurance tool to assess the monitoring completed or started during the audit period and compared it to this plan. We identified 84 reviews that were started during the audit period, but only 50 of them were completed. We found that the program did not start or perform monitoring for 155 subrecipients (65 percent) in its plan, including:
• 115 subrecipients (48 percent) that the program postponed until fiscal year 2024.
• Eight subrecipients (3 percent) misidentified in the plan because they no longer participated in the program.
We examined a sample of 17 subrecipients that received financial and programmatic monitoring by the Office during the audit period, to ensure they were performed properly. We found all 17 subrecipients received adequate monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Due to the pandemic and gap year during 2020 where no monitoring was completed, the Office fell significantly behind schedule on its minimum required monitoring of subrecipients. The program has more than 500 subrecipients, some requiring monitoring annually depending on various risk criteria. The program was understaffed, which presented a significant obstacle for the Office to get its monitoring plan back on schedule.
Effect of Condition
Without establishing adequate internal controls, the Office cannot reasonably ensure that it can meet the minimum monitoring requirements imposed by the federal grantor or maintain the schedule identified by an internal monitoring plan. In addition, without proper and timely monitoring of financial and programmatic performance, the Office does not have reasonable assurance that each subrecipient has complied with the terms and conditions of the subaward.
Recommendations
We recommend the Office strengthen internal controls to ensure it monitors subrecipients according to the grantor’s minimum requirements and other federal regulations.
Office’s Response
Multiple staff vacancies were a significant contributor to the Office not completing the planned monitoring.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities.
Title 2 CFR) Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-003 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Child and Adult Care Food Program.
Assistance Listing Number and Title: 10.558 Child and Adult Care Food Program
Federal Grantor Name: U.S. Department of Agriculture
Federal Award/Contract Number: 237WAWA3N2020; 227
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Child and Adult Care Food Program (CACFP) reimburses child and adult care institutions and family or group day care homes for providing nutritious meals and snacks that contribute to the wellness, healthy growth, and development of young children, and the health and wellness of older adults and people with disabilities.
In Washington, the Office of Superintendent of Public Instruction administers CACFP. The Office spent about $45.5 million in federal funds, more than $44.8 million of which it paid to subrecipients.
The Office is responsible for monitoring all institutions participating in CACFP to ensure compliance with meal pattern, recordkeeping and other program requirements. Institutions that provide meals can participate through a sponsoring organization that will be financially and administratively responsible, or they can apply directly to the state agency and operate as an independent center.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified to a subrecipient as a subaward, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number and title, obligation amounts, project periods, and more. When some of this information is not available, the pass-through entity must provide the best information available to describe the federal award and subaward. In addition, pass-through entities must impose requirements on subrecipients so that they use the program funds in accordance with federal statutes, regulations, and the terms and conditions of the federal award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to CACFP subrecipients.
We identified 291 nonprofit subrecipients of the program who were paid with federal funds during fiscal year 2023 and were subject to the Uniform Guidance requirements. We examined the various methods that the Office used to communicate the required federal award identification elements to subrecipients. These methods included periodic permanent agreements, an annual application process, and program communications during the current program year. We found that these methods did not constitute official subawards and did not properly communicate all federal award elements, terms and conditions, and other federal award requirements to the subrecipient.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management responsible for ensuring compliance were not familiar with subrecipient monitoring requirements. As a result, management did not know that the program must identify and communicate the federal award identification elements to subrecipients, and that permanent agreements and annual application renewals do not constitute or substitute for a formal subaward.
Effect of Condition
Without proper identification and communication of the federal award, the Office cannot properly notify subrecipients about the required federal award elements, nor impose requirements so the subrecipients use the federal award in accordance with its terms and conditions, federal statutes, and regulations. Further, the Office cannot impose any additional requirements of the pass-through entity on the subrecipient to meet its own responsibilities to the federal awarding agency, as well as other requirements as specified in the Uniform Guidance.
Recommendations
We recommend the Office:
• Establish policies and procedures to ensure subawards are clearly identified as a subaward and communicate all required information according to the Uniform Guidance
• Establish internal controls to formally communicate federal award information and requirements to subrecipients
• Consult with the grantor for additional guidance on subrecipient monitoring requirements
Office’s Response
The Office concurs with the finding.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities.
Title CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-004 The Office of Superintendent of Public Instruction did not have internal controls over and did not comply with requirements to verify single audits were completed for all subrecipients of the Child and Adult Care Food Program.
Assistance Listing Number and Title: 10.558 Child and Adult Care Food Program
Federal Grantor Name: U.S. Department of Agriculture
Federal Award/Contract Number: 237WAWA3N2020; 227WAWA3N2020
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Child and Adult Care Food Program (CACFP) reimburses child and adult care institutions and family or group day care homes for providing nutritious meals and snacks that contribute to the wellness, healthy growth, and development of young children, and the health and wellness of older adults and people with disabilities.
In Washington, the Office of Superintendent of Public Instruction administers CACFP. In fiscal year 2023, the Office spent about $45.5 million in federal funds, more than $44.8 million of which it paid to subrecipients.
The Office is responsible for monitoring all institutions participating in CACFP to ensure compliance with meal pattern, recordkeeping, and other program requirements. Institutions that provide meals can participate through a sponsoring organization that will be financially and administratively responsible, or they can apply directly to the state agency and operate as an independent center.
Federal regulations require the Office to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient for applicable audit findings pertaining to the federal award
Federal regulation requires recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have internal controls over and did not comply with requirements to verify single audits were completed for all CACFP subrecipients.
The Office had processes in place to monitor that subrecipients received single audits. During the audit period, the Office had 503 CACFP subrecipients, and 47 of them were local education agencies (LEAs), or school districts. The Office’s federal compliance staff had a centralized process for LEAs to ensure they received the required audits, and we found these controls were effective.
For the 456 subrecipients that were not LEAs, the Office used information in the Federal Audit Clearinghouse (FAC) to identify subrecipients requiring a single audit. If a subrecipient that required a single audit did not complete or file its audit report timely, then the information in the FAC database would lead the Office to erroneous conclusions. As a result, we determined that the Office did not have adequate controls to identify all subrecipients that required a single audit.
We also determined the Office did not have adequate documentation that this single audit tracking process was completed during the audit period. We identified 62 subrecipients in this documentation that program staff compiled from the FAC database, and we used a statistical sampling method to randomly select and examine 12 of those subrecipients. We also judgmentally selected one subrecipient that had a program-related finding during the audit period, for a total of 13 testing samples. We found that one of these subrecipients required a single audit, but did not complete or did not submit its audit report during the audit period. The Office did not have any record that staff followed up with this subrecipient regarding the missing audit report.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The program staff responsible for the single audit tracking process retired, and the Office could not determine if the process was completed during the audit period. In addition, management was not aware that using the FAC database did not provide reasonable assurance that the Office identified all subrecipients requiring a single audit.
Effect of Condition
Without establishing adequate internal controls, the Office cannot ensure that all subrecipients requiring a single audit receive one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions.
Recommendations
We recommend the Office:
• Establish effective internal controls to ensure it identifies all subrecipients requiring single audits and follows up on any program-related findings, if applicable
• Follow up with the subrecipient we identified as not having an audit to ensure it obtains its required single audit
Office’s Response
The Office concurs with the finding.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Audit findings, establishes requirements for pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-005 The Office of Superintendent of Public Instruction did not have adequate internal controls over and was not compliant with requirements to perform risk assessments for subrecipients of the Child and Adult Care Food Program.
Assistance Listing Number and Title: 10.558 Child and Adult Care Food Program
Federal Grantor Name: U.S. Department of Agriculture
Federal Award/Contract Number: 237WAWA3N2020; 227WAWA3N2020
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Child and Adult Care Food Program (CACFP) reimburses child and adult care institutions and family or group day care homes for providing nutritious meals and snacks that contribute to the wellness, healthy growth, and development of young children, and the health and wellness of older adults and people with disabilities.
In Washington, the Office of Superintendent of Public Instruction administers CACFP. In fiscal year 2023, the Office spent about $45.5 million in federal funds, more than $44.8 million of which it paid to subrecipients.
The Office is responsible for monitoring all institutions participating in CACFP to ensure compliance with meal pattern, recordkeeping, and other program requirements. Institutions that provide meals can participate through a sponsoring organization that will be financially and administratively responsible, or they can apply directly to the Office and operate as an independent center.
Federal regulations require the Office to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Office to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and was not compliant with requirements to perform risk assessments for subrecipients of the CACFP.
As part of the audit, we requested the Office to identify the key internal controls it had in place to ensure it complied with the requirement to perform risk assessments for subrecipients. However, we determined the Office did not perform formal risk assessments, as required by federal law.
We consider these internal control deficiencies to be a material weakness that lead to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The program staff were not aware of the Uniform Guidance requirements to perform risk assessments and were relying on their other program monitoring that followed USDA guidance to identify risks for subrecipients.
Effect of Condition
Without performing risk assessments, the Office cannot determine the appropriate amount of monitoring required for each subrecipient. It also makes it less likely the Office will detect a subrecipient’s noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Recommendation
We recommend that the Office establishes adequate internal controls to ensure it performs risk assessments for each subrecipient to determine the appropriate level of monitoring.
Office’s Response
The Office believed it was meeting risk assessment requirements per USDA guidance. After discussion with the SAO regarding requirements in the Uniform Guidance, additional areas will be addressed to ensure compliance.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Audit findings, establishes requirements for pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-006 The Employment Security Department made improper payments to ineligible beneficiaries of the Unemployment Insurance program.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53;
UI-34748-20-55-A-53;
UI-35682-21-55-A-53;
UI-35977-21-60-A-53;
UI-37098-21-55-A-53;
UI-37256-22-55-A-53;
UI-37313-22-55-A-53;
UI-38013-22-60-A-53;
UI-38163-22-55-A-53;
UI-38511-22-55-A-53;
UI-38580-22-75-A-53;
UI-39303-23-55-A-53;
UI-39355-23-55-A-53;
UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed, Eligibility
Known Questioned Cost Amount: $603
Prior Year Audit Finding: No
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and provides benefits under the Unemployment Compensation program to people for periods of involuntary unemployment. It provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department administers the state’s UI program. During fiscal year 2023, the Department paid more than $1.1 billion in unemployment insurance benefits to people in Washington.
In 2020, the U.S. Department of Labor (DOL) established new unemployment compensation programs, including Pandemic Unemployment Assistance (PUA), to provide additional unemployment assistance benefits to eligible workers affected by the COVID-19 pandemic. These programs were extended and modified through the American Rescue Plan Act of 2021.
Under the temporary programs, which expired on September 6, 2021, states must process and pay benefits to eligible people for all weeks of unemployment ending on or before the date of termination or eligibility expiration (whichever comes first). People eligible for PUA included those not eligible for regular unemployment compensation, such as people who have already exhausted their regular UI benefits, are self-employed, seeking part-time employment, or lack sufficient work history. The first week in which claimants were eligible to receive PUA benefits began on January 27, 2020.
During the pandemic, people applying for PUA benefits were required to self-certify that they were unemployed, partially unemployed, or unable or unavailable to work due to COVID-19. However, in January 2021, DOL announced a change to federal law through Unemployment Insurance Program Letter (UIPL) 16-20, Change 4. This change required that people receiving PUA benefits on or after December 27, 2020, submit proof of documentation to the state substantiating their employment, self-employment, or planned start of employment or self-employment in order to receive their benefits, regardless of when their benefits are actually paid. This includes people requesting retroactive payments of PUA benefits that are not received until after December 27, 2020.
Description of Condition
The Department did not ensure that payments were made only to eligible beneficiaries of the UI program.
We found the Department had adequate internal controls to ensure it paid UI benefits to eligible people, and it materially complied with the federal requirements. However, we identified questioned costs for benefits awarded to PUA claimants.
We used a statistical sampling method to randomly select and examine 78 out of a total population of 20,447 claims for weekly PUA benefits. For these claims, the Department was required to determine the eligibility of each claimant to receive benefits, including verifying proof of employment, self-employment, or planned start of employment or self-employment.
We found three instances (5.1 percent) where the Department paid weekly benefits without requesting and reviewing documentation from the claimant substantiating employment, self-employment, or planned start of employment or self-employment, as required by the federal grantor. These three claims resulted in $603 in known overpayments of PUA benefits by the Department, as each claim was paid after December 27, 2020, and during our audit period.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department officials did not correctly interpret the guidance outlined in the UIPL change to reflect that claimants were required to provide documentation substantiating proof of employment or self-employment in order to receive payments from the state after December 27, 2020. The Department did not request documentation from PUA claimants to substantiate employment prior to paying the claims.
Effect of Condition and Questioned Costs
We identified $603 in known federal questioned costs and $208,975 in likely federal questioned costs. We considered these questioned costs because the people receiving the benefit payments did not meet all the program’s eligibility requirements at the time of payment.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Verify people applying for PUA benefits have met all eligibility requirements before issuing weekly benefit payments
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department does not concur with the finding.
The State Auditor’s Office asserts the Department incorrectly interpreted guidance outlined in the UIPL regarding PUA benefit eligibility requirements. However, citing the UIPL below:
UIPL 16-20 change 4
2. Requirement to submit documentation substantiating employment or self-employment (Section 241 of the Continued Assistance Act) (new).
The first full paragraph of section C.2. of attachment I, UIPL 16-20 change 4 says that:
“Anyone that receives a payment of PUA on or after December 27, 2020, (the enactment date of the Continued Assistance Act) will be required to submit documentation substantiating employment or self-employment, or the planned commencement of employment or self-employment.” [emphasis added]
Under this guidance, the claimant had to first have been issued a payment after the Continued Assistant Act (CAA) became effective (regardless of the week or weeks the payment(s) were for) before the Department could set the issue to request the documentation.
In the exceptions noted by SAO, the first claimant wasn’t paid at all until 2023. Once the payment was issued to the claimant, the PUA Documents Required (PDR) issue was properly set. In the second, the claimant received some payments before 12/27/20 and then had other payment stops on her claim that were not removed until 2023. The removal of those payment stops triggered a payment for the remaining weeks claimed. Because those payments were made after 12/27/20, the PDR issue was set.
Under the same section, item c. limits the date the Department can start the denial for failing to comply with the PDR issue:
c. Failure to Comply. Individuals who do not provide documentation substantiating employment/self-employment (or planned employment/self-employment) within the required timeframe, as described above, are not eligible for PUA. For DUA, if the individual fails to submit documentation substantiating employment or self-employment, the state must establish an overpayment for the entire DUA claim, per 20 C.F.R. 625.6(e)(2). However, as provided in Section 241(b)(2) of the Continued Assistance Act, for PUA, if the individual fails to submit such documentation, the state may only establish an overpayment for those weeks of unemployment ending on or after December 27, 2020 (the enactment date of the Continued Assistance Act).
For example, an individual has a PUA claim effective on November 1, 2020, and files and is paid for weeks of unemployment ending November 7, 2020, through weeks ending January 9, 2021. Because the individual received a payment for PUA after December 27, 2020, the state must notify the individual on January 4, 2021, about the requirement to provide documentation substantiating employment/self-employment (or planned employment/self-employment) within 90 days (by April 4, 2021).
If, in that timeframe, the individual fails to provide documentation or fails to show good cause to have the deadline extended, an overpayment must be established for all the weeks paid beginning with the week ending January 2, 2021. This is because the individual cannot be deemed ineligible for a week of unemployment ending before the date of enactment solely for failure to submit documentation (emphasis added).
In the cases reviewed, the claimants did not respond to the issue or provide their documentation. Because the denial is limited to only claimed weeks following the enactment of the CAA (weeks ending 1/2/21 and later), any weeks from 2020 that were paid in 2023 had no potential for denial and therefore should not be considered to be incorrectly paid, similar to the example given above from the UIPL.
If addition, if claimants never claimed a week ending after the CAA was effective, the PDR issue will set but never be adjudicated because they had never claimed a week that was potentially deniable.
In discussions with SAO, the Office cited paragraph b(ii) of the UIPL, to indicate that any claims paid by the State on or after 12/27/2020 require the claimant to provide documentation substantiating employment or self-employment within 90 days of payment, or when directed to submit the documentation by the state workforce agency, whichever is later. This section of the UIPL solely lays out the requirements for establishing the respond-by dates for providing documentation for review. The deadline for responses is different depending on whether the PUA claim was filed before 1/26/21 or on/after that date. This paragraph does not establish the requirements for payment or non-payment of PUA weeks.
Additionally, the Department received further guidance in a webinar with USDOL on Monday, January 11, 2021, which reinforced the methodology used by the Department in these cases.
Auditor’s Remarks
For the claimants in question, we did not receive any documentation from the Department demonstrating that a request was sent to the claimant to provide supporting documentation substantiating employment, nor was there evidence provided that the claims in-question were suspended due to missing documentation from the claimants.
Federal guidance contained in Attachment I to UIPL 16-20, Change 4 – Pandemic Unemployment Assistance (PUA) Implementation and Operating Instructions stipulates the following:
“Anyone that receives a payment of PUA on or after December 27, 2020, (the enactment date of the Continued Assistance Act) will be required to submit documentation substantiating employment or self-employment, or the planned commencement of employment or self-employment. This includes any individual who receives any payment of PUA on or after December 27, even if the payment is for a week of unemployment that occurred before December 27, 2020. The deadline for providing such documentation depends on when the individual filed the initial PUA claim.
• Filing New Applications for PUA on or after January 31, 2021. Individuals filing a new PUA application on or after January 31, 2021 (regardless of whether the claim is backdated), are required to provide documentation within 21 days of application or the date the individual is directed to submit the documentation by the State Agency, whichever is later. The deadline may be extended if the individual has shown good cause under state UC law within 21 days.
• Filing Continued Claims for PUA. Individuals who have an existing PUA claim as of December 27, 2020, (the enactment date of the Continued Assistance Act) or who file a new initial PUA claim before January 31, 2021, and who receive PUA on or after December 27, 2020, must provide documentation within 90 days of the application date or the date the individual is instructed to provide such documentation by the state agency (whichever date is later).”
We questioned these payments due to the Department not receiving any supporting documentation substantiating employment or self-employment from these claimants during the audit period, and failing to establish overpayment notices to the claimants during the audit period. For all three payments in-question, the claimant filed for PUA prior to December 27, 2020, and therefore would have been required to submit supporting documentation substantiating employment to the Department within 90 days, or as directed by the Department.
Because the Department did not receive supporting documentation from the claimants for these benefit weeks during the audit period, we could not determine that the payments were allowable and that the claimants met the PUA eligibility requirements for their benefit weeks paid.
We reaffirm our finding and will follow-up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, Compliance Supplement, Unemployment Insurance, states in part:
E. Eligibility
1. Eligibility for Individuals
a. PUA – PUA provides benefits to covered individuals, who are those individuals not eligible for regular unemployment compensation (UC or extended benefits under state or federal law or PEUC, including those who have exhausted all rights to such benefits). Covered individuals also include self-employed, those seeking part-time employment, individuals lacking sufficient work history, and those who otherwise do not qualify for regular unemployment compensation or extended benefits under state or federal law or PEUC.
PUA is payable to individuals who are ineligible for regular UC, EB, or PEUC and are unemployed, partially unemployed, or unable or unavailable to work due to one of the COVID-19 related reasons identified in Attachment I to UIPL No. 16-20, Change 6. Section 2102(a)(3)(A)(ii)(I) of the CARES Act included 10 specific COVID-19 related reasons. The Department, under the authority provided by Section 2102(a)(3)(A)(ii)(I)(kk) of the CARES Act, added additional COVID-19 related reasons three new COVID-19 related reasons with the publication of UIPL No. 16-20, Change 5 on February 25, 2021. All COVID-19 related reasons apply retroactively to the beginning of the PUA program. Additionally, individuals who are paid on or after December 27, 2020, must submit proof of documentation substantiating employment, self-employment, or the planned commencement of employment or self-employment (see Attachment I, Section C.2. of UIPL No. 16-20, Change 4). This includes individuals requesting retroactive payments that are not received until after December 27, 2020.
2023-007 The Employment Security Department did not have adequate internal controls to ensure it submitted accurate financial reports for the Unemployment Insurance program.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53; UI-34748-20-55-A-53; UI-35682-21-55-A-53; UI-35977-21-60-A-53;
UI-37098-21-55-A-53; UI-37256-22-55-A-53;
UI-37313-22-55-A-53; UI-38013-22-60-A-53;
UI-38163-22-55-A-53;UI-38511-22-55-A-53;
UI-38580-22-75-A-53; UI-39303-23-55-A-53;
UI-39355-23-55-A-53; UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and provides benefits under the Unemployment Compensation program to people for periods of involuntary unemployment. It provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department administers the state’s UI program. During fiscal year 2023, the Department paid more than
$1.1 billion in unemployment insurance benefits to people in Washington.
The Unemployment Insurance Reports Handbook No. 401 – published by the U.S. Department of Labor (DOL), Employment and Training Administration, Office of Unemployment Insurance – outlines the requirements for states to submit financial and performance reports to the federal government so it can evaluate their UI programs. The ETA 9130 – Financial Status Report is submitted quarterly, and is used to report program and administrative expenditures for UI programs. This financial data is reported cumulatively and separately for regular UI programs, as well as Pandemic Emergency Unemployment Compensation, Pandemic Unemployment Assistance, Disaster Unemployment Assistance, Trade Readjustment Assistance, and Reemployment Trade Adjustment Assistance. The Department requires fiscal analysts to prepare these reports, and grants management reviews and approves the reports before submitting them to DOL.
Additionally, the Department is required to submit to DOL the ETA 2112 – UI Financial Transaction Summary. This report provides a monthly summary of UI transactions that accounts for all funds received in, passed through or paid out of the state unemployment fund. The Department’s Assistant Treasury Supervisor is responsible for preparing these reports, and the Treasurer reviews the reports for accuracy and certifies them before they are submitted to DOL.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure it submitted accurate financial reports for the UI program.
During fiscal year 2023, the Department was required to submit 104 quarterly ETA 9130 financial reports to DOL. We used a non-statistical sampling method to randomly select and examine 15 reports. We found that five of the 15 reports (33 percent) were not certified by the Grants Manager before they were submitted to DOL.
In addition, the Department was required to submit 12 monthly ETA 2112 financial reports to DOL. We used a non-statistical sampling method to randomly select and examine five reports. We found one of the five reports (20 percent) was not reviewed and approved by the Treasurer before it was submitted to DOL.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department officials said that the Grants Manager responsible for reviewing the ETA 9130 reports for accuracy resigned during the audit period, prior to the due date of the five reports that were not certified. As a result, the Department submitted these reports without a secondary review.
Department officials said that the Treasurer discussed the ETA 2112 report with the Assistant Treasury Supervisor as fiscal analysts prepared the draft. However, the Treasurer did not document their approval of the report, and the Department did not retain any documentation supporting that the Treasurer reviewed and certified the report.
Effect of Condition
When management does not follow the Department’s established internal controls to ensure that all required financial reports are accurate, the Department is at an increased risk of inaccurately reporting financial data to the federal grantor.
Recommendation
We recommend the Department improve internal controls to ensure that management properly reviews and certifies all required financial reports before they are submitted to the federal grantor. This should include maintaining records to show that management completed these reviews.
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the UI grant.
The Department has implemented procedures to ensure reports are reviewed prior to submission, and submission dates and approvals are documented.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, Compliance Supplement, Unemployment Insurance, states in part:
L. Reporting
1. Financial Reporting
d. ETA 9130, Financial Status Report, UI Programs – This report is used to report program and administrative expenditures. All ETA grantees are required to submit quarterly financial reports for each grant award which they operate, including standard program and pilot, demonstration, and evaluation projects. Financial data is required to be reported cumulatively from grant inception through the end of each reporting period. Additional information on OMB Number 1205-0461 can be accessed at http://www.dol.gov/agencies/eta/grants/management and scroll down to the section on Financial Reporting. A separate ETA 9130 is submitted for each of the following: UI, PEUC, and PUA Administration, DUA, TRA/RTAA, and UI Projects (administration and benefits). See TEGL No. 02-16 for specific and clarifying instructions about the ETA 9130 https://wdr.doleta.gov/directives/corr_doc.cfm?DOCN=5156.
ETA 2112, UI Financial Transaction Summary (OMB No. 1205-0154) – A monthly summary of transactions, which account for all funds received in, passed through, or paid out of the state unemployment fund (ET Handbook 401).
2023-008 The Employment Security Department did not have adequate internal controls to ensure it submitted accurate monthly reports for the Unemployment Insurance program.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53;
UI-34748-20-55-A-53;
UI-35682-21-55-A-53;
UI-35977-21-60-A-53;
UI-37098-21-55-A-53;
UI-37256-22-55-A-53;
UI-37313-22-55-A-53;
UI-38013-22-60-A-53;
UI-38163-22-55-A-53;
UI-38511-22-55-A-53;
UI-38580-22-75-A-53;
UI-39303-23-55-A-53;
UI-39355-23-55-A-53;
UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-005
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and provides benefits under the Unemployment Compensation program to unemployed workers for periods of involuntary unemployment. It provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs.
The Employment Security Department administers the UI program. During fiscal year 2023, the Department paid more than $1.1 billion in unemployment insurance benefits to people in Washington.
The Unemployment Insurance Reports Handbook No. 401—published by the U.S. Department of Labor (DOL), Employment and Training Administration, Office of Unemployment Insurance – outlines the requirements for states to submit financial and performance reports to the federal government so it can evaluate their UI programs. The ETA 9055 – Appeals Case Aging – Lower and Higher Authority Appeals report (OMB No. 1205-0359) is submitted monthly, and it provides information on the inventory of lower and higher-authority single claimant appeals cases that have been filed in court but not yet decided. These reports provide the federal government with information about the number of days from the date an appeal was filed through the end of the month covered by the report, as well as the average and median age of the pending appeals cases. The Department prepares this report using data obtained through interagency data-sharing agreements with the Washington State Office of Administrative Hearings and the Washington State Administrative Office of the Courts.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure it submitted accurate monthly reports for the UI Program. The prior finding number was 2022-005.
Description of Condition
The Department did not have adequate internal controls to ensure it submitted accurate monthly reports for the UI program.
During fiscal year 2023, the Department was required to submit monthly ETA 9055 performance reports to DOL. The Department did not require or perform a secondary review of the reports before submitting them. A single Department employee manually prepared the information contained in the reports and submitted them to the federal grantor, and no one verified they were accurate and complete before submission.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
Although Department officials said they implemented a secondary review of the 9055 report in May 2023, management did not monitor the completion of these reports throughout the audit period to determine whether internal controls would be sufficient to detect and correct any potential data entry errors. In addition, management relied on staff knowledge and other agencies to provide accurate and complete information.
Effect of Condition
By not establishing adequate internal controls to ensure monthly performance reports are complete and accurate, the Department is at an increased risk of inaccurately reporting data to the federal grantor.
Recommendation
We recommend the Department implement internal controls to ensure it has an effective review process in place before submitting monthly reports to the federal grantor.
Department’s Response
The Department concurs with the finding and thanks the State Auditor’s Office for its work over this area.
The Department immediately implemented the secondary review of these reports in response to a prior year finding over this issue. However, the recommendation from the prior year and the Department’s implementation occurred after the new state fiscal year had begun. The Department expects the control to be in place and functioning for the entire year in our next audit.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of Labor, Employment and Training Administration, Office of Unemployment Insurance, Unemployment Insurance Reports Handbook No. 401, Section V: Benefits Time Lapse and Quality, states in part:
ETA 9055 – APPEALS CASE AGING
Section V-5
1. General Reporting Instructions
Appeals Case Aging measures require states to report data on the universe of all single claimant appeals cases that have not been decided prior to the end of the reporting period. Edit checks can be found in Handbook 402, Unemployment Insurance Required Reports User’s Manual, Appendix C.
4. Pending Lower Authority Single Claimant Appeals Case Aging.
I. Includes all lower authority single claimant appeals cases, including those remanded by the higher authority for a hearing and decision reopened appeals cases not decided at the end of the month.
5. Pending Higher Authority Single Claimant Appeals Case Aging.
a. Includes all higher authority single claimant appeals cases, including remanded and reopened appeals cases, not decided at the end of the month. An appeals case that has been remanded to the lower authority for additional evidence and will be returned to the higher authority for a decision is reported in this inventory. An appeals case that has been remanded to the lower authority for a new hearing and decision is not a pending higher authority appeals case and should not be counted as such.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, Compliance Supplement, Unemployment Insurance, states in part:
L. Reporting
2. Performance Reporting
States are required to submit periodic reporting to evaluate the performance of the states’ UI programs. The auditor should test the information included in the key reports included below that ensure the timeliness of benefits paid. Detailed information on these reports can be accessed under:
https://www.dol.gov/sites/dolgov/files/ETA/handbooks/2017/ETHand401_5th.pdf
2023-009 The Employment Security Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the Benefit Accuracy Measurement program of the Unemployment Insurance program in a timely manner.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53; UI-34748-20-55-A-53;
UI-35682-21-55-A-53; UI-35977-21-60-A-53;
UI-37098-21-55-A-53; UI-37256-22-55-A-53;
UI-37313-22-55-A-53; UI-38013-22-60-A-53;
UI-38163-22-55-A-53; UI-38511-22-55-A-53;
UI-38580-22-75-A-53; UI-39303-23-55-A-53;
UI-39355-23-55-A-53; UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: UI Benefits Payments
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-006
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and it provides benefits under the Unemployment Compensation program to unemployed workers for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs.
The Improper Payment Elimination and Recovery Act of 2010 requires state workforce agencies to maintain a quality control system. The Benefits Accuracy Measurement (BAM) program is the U.S. Department of Labor’s quality control system designed to assess the accuracy of unemployment insurance benefit payments and denied claims in separation status. The program estimates error rates and dollar amounts of benefits improperly paid or denied by projecting the results from investigations in a state.
The Employment Security Department administers the state’s UI program. During fiscal year 2023, the Department paid more than $1.1 billion in unemployment insurance benefits to people in Washington.
Under the BAM program, the Department is required to draw a weekly sample of payments and denied claims. The Department must complete this sampling promptly and conduct an in-depth investigation of the claims to determine the degree of accuracy in administering the state’s Unemployment Compensation program and compliance with federal law (20 CFR 602.21(d)). The Department has established a dedicated BAM unit to meet these requirements.
The Benefit Accuracy Measurement State Operations Handbook, which is published by the U.S. Department of Labor’s Employment and Training Administration, indicates the time frame and requirements for conducting BAM program case sampling for paid claims. States must complete reviews of:
• 70 percent of the sampled cases within 60 days of the week ending date of the batch; and
• 95 percent of the sampled cases within 90 days of the week ending date of the batch; and
• 98 percent of sampled cases within 120 days of the ending date of the annual report period.
In addition, states must sample denied claims and review:
• 60 percent of the sampled cases within 60 days of the week ending date of the batch; and
• 85 percent of the sampled cases within 90 days of the week ending date of the batch; and
• 98 percent of the sampled cases within 120 days of the end of the calendar year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported that the Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the BAM program of the UI program in a timely manner. The prior finding numbers were 2022-006, 2021-005 and 2020-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the BAM program of the UI program in a timely manner.
The Department did not effectively recruit, develop and retain staff to ensure it materially complied with the BAM program’s case review requirements.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not adequately staff its BAM unit with resources sufficient to meet BAM program requirements. Management did not allocate sufficient resources to the BAM unit, and did not effectively retain its investigative staff assigned to the BAM unit to support its minimum required caseload.
Effect of Condition
The Department did not comply with the federally required timelines for completing its case sampling. For paid claims, we found the Department:
• Failed to complete the minimum required annual allocation for sampling for paid claims. The Department completed 472 of the required 480 samples.
• Completed only 425 (90.4 percent) of its 472 sampled cases within 90 days of the week ending date of the batch, failing to meet the federal requirement of 95 percent
• Completed only 446 (94.5 percent) of its 472 sampled cases within 120 days of the ending date of the annual report period, failing to meet the federal requirement of 98 percent
We also found the Department failed to complete the minimum required annual allocation for sampling for denied claims. The Department completed 436 of the required 450 samples for the annual allocation.
By not complying with the federally required timelines for completing case sampling, the Department cannot fully evaluate the accuracy of its claim decisions and is less likely to detect fraudulent payments.
Recommendation
We recommend the Department allocate the necessary staffing resources to ensure it complies with the U.S. Department of Labor’s timelines for BAM case sampling.
Department’s Response
The Department concurs with the finding and recommendation and thanks the State Auditor’s Office for its work to ensure the Department meets case sampling requirements.
Historically, the Benefit Accuracy Measurement (BAM) unit has been challenged to maintain full levels of staffing. Staff turnover, long training requirements, and unique skill sets make these positions difficult to maintain. The Department continues to hire, develop, and retain staff to fully meet USDOL requirements.
The Department further continues to partner and frequently communicate with the U.S. Department of Labor (USDOL) Regional Offices to discuss staffing and training models. The Quality Assurance Manager and the Case Review Supervisor are committed to routinely monitoring caseload, workload, and the overall assurance of meeting the BAM operations performance goals and measures as set forth by USDOL.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 CFR Part 602, Quality Control in the Federal-State Unemployment Insurance System, section 21, Standard methods and procedures, establishes the requirements for states to conduct representative case sampling for quality control study of unemployment benefit claims, which state in part:
§602.21 Standard methods and procedures.
Each State shall:
a. Perform the requirements of this section in accordance with instructions issued by the Department, pursuant to 602.30(a) of this part, to ensure standardization of methods and procedures in a manner consistent with this part;
b. Select representative samples for QC study of at least a minimum size specified by the Department to ensure statistical validity (for benefit payments, a minimum of 400 cases of week paid per State per year);
c. Complete prompt and in-depth case investigations to determine the degree of accuracy and timeliness in the administration of the State UC law and Federal programs with respect to benefit determinations, benefit payments, and revenue collections; and conduct other measurements and studies necessary or appropriate for carrying out the purposes of this part;
d. Furnish information and reports to the Department, including weekly transmissions of case data entered into the automated QC system and annual reports, without, in any manner, identifying individuals to whom such data pertain;
The U.S. Department of Labor, Employment and Training Administration Benefit Accuracy Measurement State Operations Handbook – ET Handbook No. 395, 5th Edition, Chapter VI – Investigative Procedures, Section 13: Completion of Cases and Timely Data Entry, states in part:
The following time limits are established for completion of all cases for the year. (The “year” includes all batches of weeks ending in the calendar year.):
• A minimum of 70 percent of cases must be completed within 60 days of the week ending date of the batch, and 95 percent of cases must be completed within 90 days of the week ending date of the batch; and
• A minimum of 98 percent of cases for the year must be completed within 120 days of the week ending date of the calendar year.
ET Handbook No. 395, 5th Edition, Chapter VI – Investigative Procedures, Section 12: Sampling Selection, states in part:
The annual sample size for UI paid claims and the three types of denials are fixed by DOL for the calendar year. BAM supervisors may change the weekly sample sizes in the input control record to accommodate investigator vacation schedule or other staffing contingencies. However, state are expected to pull at least the minimum number of cases each week. States may not over sample during a portion of the year in order to meet the annual sample allocation and then suspend sampling for the remainder of the calendar year. The minimum weekly and quarterly samples, based on current annual sample allocations are:
*Allocation for ten smallest states in terms of UI workload.
** 150 cases each of monetary, separation, and non-separation denials will be selected each year, for a total of 450 DCA cases.
ET Handbook No. 395, 5th Edition, Chapter VIII – Denied Claims Accuracy (DCA), Section 7: Completion of DCA Cases and Timely Data Entry, states in part:
As in paid claims, prompt completion of investigations is important to ensure the integrity of the information being collected by questioning claimant and employers before the passage of time adversely affects recollections. However, due to the fact that contacting the claimant and obtaining claimant information is more difficult than in paid claims, the timeliness standards differ as the following indicates:
• A minimum of 60 percent of cases must be completed within 60 days of the week ending date of the batch, and 85 percent of cases must be completed within 90 days of the week ending date of the batch; and
• A minimum of 98 percent of cases for the year must be completed within 120 days of the ending date of the Calendar Year.
2023-010 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it profiled all claimants under the Unemployment Insurance program to identify people likely to need reemployment services and ensure staff providing those services received required training.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53;
UI-34748-20-55-A-53;
UI-35682-21-55-A-53;
UI-35977-21-60-A-53;
UI-37098-21-55-A-53;
UI-37256-22-55-A-53;
UI-37313-22-55-A-53;
UI-38013-22-60-A-53;
UI-38163-22-55-A-53;
UI-38511-22-55-A-53;
UI-38580-22-75-A-53;
UI-39303-23-55-A-53;
UI-39355-23-55-A-53;
UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – UI Reemployment Programs: Worker Profiling and Reemployment Services (WPRS) and Reemployment Services and Eligibility Assessments (RESEA)
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and it provides benefits under the Unemployment Compensation program to unemployed workers for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department administers the state’s UI program. During fiscal year 2023, the Department paid more than $1.1 billion in unemployment insurance benefits to people in Washington.
The Worker Profiling and Reemployment Services (WPRS) and Reemployment Services and Eligibility Assessments (RESEA) programs serve as the primary programs that facilitate the reemployment of UI claimants. RESEA is authorized by Section 306 of the Social Security Act, and it uses an evidence-based integrated approach that combines an assessment for continuing UI eligibility and the provision of reemployment services. The Department uses a RESEA program to satisfy the WPRS mandate in accordance with federal requirements, and its program design is documented in the RESEA State Plan approved by the U.S. Department of Labor.
According to the Department’s RESEA State Plan, the agency profiles unemployment claimants using a scoring model that is built into its Unemployment Tax and Benefit (UTAB) system to identify claimants who are likely to exhaust benefits and are in need of job search assistance to obtain new employment. The profiling model must statistically combine information on the person’s work industry, occupation, education level, county of residence, and other personal characteristics, including veteran and union status, and labor market characteristics to generate a numerical score indicating their likelihood of exhausting regular unemployment benefits before finding work. The claimants are to be ranked in a queue based on their individual score from most likely to least likely to exhaust benefits. On a weekly basis, the Department selects people from this queue for available appointments for reemployment evaluations. In July 2019, the Department implemented an online appointment scheduling system called the Reemployment Appointment Scheduler (RAS) to facilitate the appointment scheduling process for the Department’s WorkSource offices.
In June 2021, the Department deployed a pilot program proposed by the U.S. Department of Labor known as a randomized control trial (RCT), to randomly assign profile scores in lieu of using the risk profile model to profile all unemployment claimants. The objectives of the trial were to assess the impact of the RESEA program concerning duration of unemployment claims, earnings, and employment probability of claimants following the provision of RESEA services, and to assess whether the program improved the identification of claimant eligibility issues and improper payment detection. Under the RCT, the WPRS score used to rank claimants was replaced with a randomly generated score, after excluding the top 5 percent of people with the highest WPRS scores.
The Department’s UI staff oversee the RESEA program, which includes participating in the planning, administration and oversight of the program, providing appropriate training to staff conducting applicant eligibility reviews, completing individual reemployment plans, and providing information and access to career and reemployment services, including referrals to other services. All staff working within the RESEA program must, at a minimum, be trained in the programmatic requirements, state laws, rules, and agency policies once a year. Staff are required, by Department policy to take an intensive training before providing reemployment services to claimants, as well as take an annual refresher training once a year. Training includes information regarding job search requirements, reporting requirements, and UI eligibility assessments. In addition, all staff working with RESEA participants must be trained to detect and report potential issues to the UI claims center.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure the Department profiled all claimants under the UI program, to identify those likely to need reemployment services and ensure staff providing reemployment services received required training.
Identification for People Eligible for Reemployment Services
The Department did not adequately monitor its UTAB scoring model to ensure applicant risk profile scores were accurate to identify those claimants most likely to exhaust their unemployment benefits.
The Department is required to use a scoring model to profile all claimants to identify those likely to need reemployment services. During the audit period, the score calculated by the model was only applied for 5 percent of claimants with the highest score. A random score was assigned to the remaining 95 percent of claimants. The random score assignment did not provide adequate assurance that those people most likely to exhaust benefits were prioritized to receive reemployment services.
To determine a claimant’s profile score, the scoring model assigns 10 different coefficient rates associated with attributes that were determined by the Department to signify how likely a claimant will be to exhaust their unemployment benefits. The Department could not explain the methodology for determining an applicant’s profile score based on these 10 attributes, or how to independently recalculate the score.
The Department has not tested the calculation of the profile score to ensure it is functioning as intended and producing accurate results. In addition, management could not provide historical records to demonstrate the calculation had ever been tested since its first implementation. Therefore, the Department has no assurance that the calculation provides an accurate measurement of the risk a claimant will exhaust their benefits.
To test whether the UTAB system correctly determined and assigned coefficients based on the claimant attributes, we created four test scenarios containing specific attributes and the expected assigned coefficient value. The UTAB system did not assign the expected coefficient value for three of the 10 attributes. Department officials did not know how the system determined and assigned the coefficient value for these three attributes or why the value did not agree to the system reference tables. Therefore, we cannot conclude whether the assigned values for these three coefficients or the profile score assigned based on the coefficients are accurate.
In addition, management did not monitor to determine whether the RAS system had received all eligible claimants. There is a daily process to send eligible claimants to the RAS selection queue, but there were no internal controls in place to ensure that all files sent to RAS were received and processed. In addition, RAS does not have a working test environment to test whether the system effectively schedules claimants based on defined rules and requirements.
Employee Training
The Department uses a tracking report to monitor the status of completed training for each RESEA employee. However, the Department did not adequately monitor to ensure staff who administered RESEA services to clients took required training.
We used a statistical sampling method to randomly select and examine 55 out of a total population of 441 employees that Department officials said were available to provided RESEA services during fiscal year 2023. We examined records for all RESEA training courses completed by these employees and found that the Department did not have documentation evidencing that two employees (3.6 percent) completed annual RESEA training during the audit period. Both employees administered RESEA appointments to claimants during the audit period. We also found three employees (5.5 percent) were missing from the Department’s tracking report, and four additional employees completed a training course that was not listed on the report.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Identification for People Eligible for Reemployment Services
During the implementation of the RCT, the Department did not monitor the profiling and prioritization of claimants for RESEA participation to determine whether claimants prioritized for receiving RESEA services were the most likely to exhaust their unemployment benefits.
Department management asserted in writing that its UTAB risk scoring model was operating during the audit period to ensure claimants were profiled to determine those most likely to exhaust unemployment benefits and need reemployment services. However, after our Office tested the risk scoring model and identified system weaknesses, the Department informed us that the scoring model was not working as intended and disabled during the audit period.
Employee Training
The Department did not maintain historical records of employee training profiles. Instead, management retained only documents supporting the most recent training course completed by each employee. Additionally, management did not adequately maintain its tracking reports to ensure all completed training sessions were documented for each employee.
Effect of Condition
Identification for People Eligible for Reemployment Services
Without monitoring its automated scoring model for effectiveness, the Department cannot ensure that its systems select RESEA participants based on a valid risk profile and priority of need for reemployment services. By disabling the automated scoring model, the Department is not in compliance with provisions in the RESEA State Plan, and it cannot ensure that claimants selected for RESEA appointment services should have received consideration over higher-risk claimants who may be excluded in the RCT.
Employee Training
By not maintaining adequate training records for its employees, the Department cannot demonstrate that all RESEA staff have been properly trained on unemployment eligibility requirements in order to administer reemployment services to clients, as required in the RESEA State Plan.
Recommendations
We recommend the Department:
• Review the design of its UTAB calculation to determine an applicant’s risk profile score, and test the calculation of the score to determine whether the system is accurately identifying claimants most likely to exhaust benefits. This understanding and testing should ensure that coefficient values are correctly determined and assigned by the UTAB system.
• Reconcile the interface between the UTAB system and the scheduling system to ensure that all RESEA eligible claimants were received by the RAS scheduling system
• Consider implementing additional internal controls to ensure claimants are profiled and prioritized for reemployment services based on their risk of exhausting unemployment benefits, in accordance with federal requirements
• Establish adequate internal controls to ensure all employees receive required RESEA training before providing reemployment screening services to claimants
• Verify all staff administering RESEA services on behalf of the Department have completed required training before providing services to claimants
Department’s Response
The Department partially concurs with the finding.
UTAB Recommendations:
I. Review the design of its UTAB calculation to determine an applicant’s risk profile score, and test the calculation of the score to determine whether the system is accurately identifying claimants most likely to exhaust benefits. This understanding and testing should ensure that coefficient values are correctly determined and assigned by the UTAB system.
Department response:
The Department concurs with the recommendation. For clarification, the coefficient values are calculated outside of UTAB. The coefficients are then input into UTAB which then calculates the profile score. The Department will review processes to effectively validate profile scores based upon new coefficients.
II. Reconcile the interface between the UTAB system and the scheduling system to ensure that all RESEA eligible claimants were received by the RAS scheduling system.
Department response:
The Department partially concurs with the recommendation.
Regarding the recommendation, there is no interface between UTAB and RAS to reconcile. The UTAB system is capable of generating an “exit file” which indicates the profile score for all the applicants that have a work search requirement. This file is sent and input into the RAS scheduler which automatically assigns the applicant. The Department will review its processes to verify that the RAS properly sets appointments from the UTAB exit file.
b. Consider implementing additional internal controls to ensure claimants are profiled and prioritized for reemployment services based on their risk of exhausting unemployment benefits, in accordance with federal requirements.
Department Response:
The Department does not concur with this recommendation. In the Background section above, SAO stated “In June 2021, the Department deployed a pilot program proposed by the U.S. Department of Labor known as a randomized control trial (RCT), to randomly assign profile scores in lieu of using the risk profile model to profile all unemployment claimants.”
The pilot program was not implemented in lieu of the risk model, but concurrently as described above. In brief, all applicants are scored and provided both a risk scoring profile based on established standards, and a random score, as described in the pilot program. Based on the risk scoring model, the top scores are automatically selected for RESEA. The remainder of the applicants are assigned based on the random score. The use of the top scorers and the random scoring methodology allows for the Department to meet the both the standard requirements by RESEA and the pilot program.
Considering this, the Department believes it is compliant with both the risk based and random scoring profile requirements.
Training Recommendations:
• Establish adequate internal controls to ensure all employees receive required RESEA training before providing reemployment screening services to claimants.
Department Response:
The Department does not concur with the recommendation. In the Background stated above, SAO noted “All staff working within the RESEA program must, at a minimum, be trained in the programmatic requirements, state laws, rules, and agency policies once a year. Staff are required, by Department policy to take an intensive training before providing reemployment services to claimants, as well as take an annual refresher training once a year.”
For accuracy, staff are required by the US DOL as follows (UIPL 08-24) page 15: Required Engagement of UI Staff – UI staff must be engaged in the administration of the RESEA program. This includes, but is not limited to:
I. Participating in the planning, administration, and oversight of the RESEA program;
II. Providing all appropriate staff training on UC eligibility requirements;
III. Ensuring accurate data are provided in the RESEA-required reports; and
IV. Conducting eligibility determinations and redeterminations resulting from issues identified through RESEA participation.
The first day of RESEA Intensive Training is UI eligibility training which is designed and conducted by UICS Trainers. The Policy 4050-1 indicates that staff are required to have yearly training, but this is not specified by Policy definition and provides for the ad hoc and monthly trainings put on by programs. Additionally, there is no RESEA Department “policy” regarding training. The current program team fulfills the UIPL mandated UI Eligibility requirement through the required RESEA Intensive Training for all RESEA staff - as has been the process since 2020. The refresher trainings were implemented by programs to bring those trained, non-regular RESEA staff and local leaders up to date on changes, address in an effort to improve performance and reinforce staff confidence in their work. This is an internal process.
The Department does have controls in place to ensure all employees receive required RESEA training, an internal spreadsheet, updated by training staff which was provided to the auditors. The two exceptions of the 55 sampled were staff who completed RESEA Intensive Training prior to the fiscal year audited. USDOL requires only that RESEA staff be trained and RESEA Policy indicates that training can occur as needed and in any form (monthly program call, ad hoc office training, etc.). Formal training is completed every 6 weeks and ad hoc trainings are provided on a monthly basis at a minimum.
Therefore, the Department believes it meets the minimum standards as required by USDOL.
• Verify all staff administering RESEA services on behalf of the Department have completed required training before providing services to claimants.
Department Response:
The Department does not concur with the recommendation. The Cause of the Condition for the training requirements as noted by SAO is a determination that ESD did not maintain training records.
The exceptions noted in this area appear to be centered around two seasonal staff who were trained, though their training records were found outside the audit period. As stated in our response above, USDOL does not require yearly training. ESD implemented this programmatically in Fall of 2022. RESEA Policy 4050-1 indicates that staff should receive regular training, but intentionally does not specify the formality, format or content, allowing us to provide this in regular program calls and in ad hoc office trainings.
Specifically the policy states “(3.A): *Staff training requirement for RESEA services - Staff working in the RESEA program must, at a minimum, be trained in the program’s requirements, including state laws, rules, and agency policies related to job search, reporting requirements and UI eligibility assessments, prior to providing direct services to claimants and then receive annual refresher training thereafter. All staff working with RESEA participants must be trained to detect and report potential issues to the unemployment insurance claims centers.”
The RESEA lead trainer provided other documentation to the auditors - both from the LMS and our ESD’s own internal spreadsheets. Program records reflect the same information as LMS records but for the lone retiree (who showed up in our records but was archived from the LMS records). The two non-regular/seasonal staff who provided services in the audit period but did not have a record of that training in the audit period had previously completed required intensive training - which is more than the minimum required by USDOL.
Auditor’s Remarks
Identification for People Eligible for Reemployment Services
The Department could not explain how the calculation of a claimant’s profile score occurred in UTAB in order to demonstrate that the automated calculation is working as intended to ensure claimants who are most likely to exhaust their unemployment benefits and need reemployment services are correctly identified. By implementing the RCT instead of assessing each claimant’s risk of exhausting unemployment benefits, and rank-ordering each claimant for RESEA selection based on that risk, the Department’s claimant selection design does not ensure that it prioritizes selecting claimants more likely to exhaust their benefits over other claimants with a lower likelihood of exhausting their benefits. This approach does not meet the federal requirement to ensure those individuals likely to exhaust their unemployment benefits are prioritized for RESEA services.
Without monitoring to ensure all claimants determined eligible to receive RESEA services are transmitted to RAS, the Department cannot ensure that claimants selected to receive RESEA appointments represent those claimants who are most likely to exhaust their regular unemployment benefits and are most in-need of reemployment services. Additionally, by not reconciling claimants selected for appointments in RAS with claimants profiled in UTAB, the Department cannot reasonably ensure that all claimants eligible to receive RESEA services have been considered for appointment selection.
Employee Training
The Department’s policy 4050-1 stipulates that the annual refresher course is required to be completed by staff rendering RESEA services to claimants. Our testing focused on those individuals available to provide RESEA services to claimants during the audit period, and therefore we concluded that these individuals were required to receive an annual refresher training course during the audit period. The Department stated in its response that it implemented the programmatic annual refresher training requirement in Fall 2022, however Department policy 4050-1 became effective on October 15, 2020.
The Department did not accurately track employee training completed during the audit period using its internal monitoring spreadsheet. Without monitoring to ensure all training records have been accurately reflected in the spreadsheet, management cannot ensure that all staff providing RESEA services have completed required training programs and therefore does not have reasonable assurance of compliance with RESEA training requirements as outlined in the Department’s policy.
Furthermore, we disagree with the Department’s assertion that annual training is not required for all RESEA staff. Both the Policy 4050-1 and the RESEA State Plan state that staff providing direct services to claimants must receive annual refresher training from the Department in addition to initial training on program requirements, state laws, rules and agency policies.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 United States Code, Chapter 7 – Social Security, Subchapter III – Grants to States for Unemployment Compensation Administration, § 503 – State laws, states in part:
(j) Worker profiling
(1) The State agency charged with the administration of the State law shall establish and utilize a system of profiling all new claimants for regular compensation that –
(A) Identifies which claimants will be likely to exhaust regular compensation and will need job search assistance services to make a successful transition to new employment;
(B) Refers claimants identified pursuant to subparagraph (A) to reemployment services, such as job search assistance services; available under any State or Federal law;
Revised Code of Washington (RCW), Title 50, Unemployment Compensation, Section 50.20.011, Profiling system to identify individuals likely to exhaust benefits – Confidentiality of information – Penalty, states in part:
1. The commissioner shall establish and use a profiling system for new claimants for regular compensation under this title that identifies permanently separated workers who are likely to exhaust regular compensation and will need job search assistance services to make a successful transition to new employment. The profiling system shall use a combination of individual characteristics and labor market information to assign each individual a unique probability of benefit exhaustion. Individuals identified as likely to exhaust benefits shall be referred to reemployment services, such as job search assistance services, to the extent such services are available at public expense.
2. The profiling system shall include collection and review of follow-up information relating to the services received by individuals under this section and the employment outcomes for the individuals following receipt of the services. The information shall be used in making profiling identifications.
Washington State Employment Security Department, Wagner-Peyser Employment Service Policy 4050, Reemployment Services and Eligibility Assessments (RESEA) program, states in part:
3. Policy:
A. Staff Training requirements for RESEA Services
Staff working in the RESEA program must, at a minimum, be trained in the program’s requirements, including state laws, rules, and agency policies related to job search, reporting requirements and UI eligibility assessments, prior to providing direct services to claimants and then receive annual refresher training thereafter. All staff working with RESEA participants must be trained to detect and report potential issues to the unemployment insurance claims centers.
B. Claimant selection for RESEA services
RCW 50.20.11 states, in part, that a profiling system must be established to identify new permanently separated claimants most likely to exhaust regular UI benefits and that are in need of job search assistance services to make successful transitions to new employment. This system uses a combination of individual characteristics and labor market information to assign each individual a unique probability of benefit exhaustion known as the profile score. Claimants with a work search requirement will be given a profile score. Those still attached to an employer will not receive a profile score.
Based on ranked scoring, claimants are selected and added to an electronic list as eligible to receive RESEA services. Claimants identified as most likely to exhaust, or as UCX receive top priority.
Selection occurs between the second and fifth week of a valid claim. Claimants waiting on decisions or for their claims to become valid are not selected until they have valid claims and are eligible for benefits.
2023-006 The Employment Security Department made improper payments to ineligible beneficiaries of the Unemployment Insurance program.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53;
UI-34748-20-55-A-53;
UI-35682-21-55-A-53;
UI-35977-21-60-A-53;
UI-37098-21-55-A-53;
UI-37256-22-55-A-53;
UI-37313-22-55-A-53;
UI-38013-22-60-A-53;
UI-38163-22-55-A-53;
UI-38511-22-55-A-53;
UI-38580-22-75-A-53;
UI-39303-23-55-A-53;
UI-39355-23-55-A-53;
UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed, Eligibility
Known Questioned Cost Amount: $603
Prior Year Audit Finding: No
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and provides benefits under the Unemployment Compensation program to people for periods of involuntary unemployment. It provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department administers the state’s UI program. During fiscal year 2023, the Department paid more than $1.1 billion in unemployment insurance benefits to people in Washington.
In 2020, the U.S. Department of Labor (DOL) established new unemployment compensation programs, including Pandemic Unemployment Assistance (PUA), to provide additional unemployment assistance benefits to eligible workers affected by the COVID-19 pandemic. These programs were extended and modified through the American Rescue Plan Act of 2021.
Under the temporary programs, which expired on September 6, 2021, states must process and pay benefits to eligible people for all weeks of unemployment ending on or before the date of termination or eligibility expiration (whichever comes first). People eligible for PUA included those not eligible for regular unemployment compensation, such as people who have already exhausted their regular UI benefits, are self-employed, seeking part-time employment, or lack sufficient work history. The first week in which claimants were eligible to receive PUA benefits began on January 27, 2020.
During the pandemic, people applying for PUA benefits were required to self-certify that they were unemployed, partially unemployed, or unable or unavailable to work due to COVID-19. However, in January 2021, DOL announced a change to federal law through Unemployment Insurance Program Letter (UIPL) 16-20, Change 4. This change required that people receiving PUA benefits on or after December 27, 2020, submit proof of documentation to the state substantiating their employment, self-employment, or planned start of employment or self-employment in order to receive their benefits, regardless of when their benefits are actually paid. This includes people requesting retroactive payments of PUA benefits that are not received until after December 27, 2020.
Description of Condition
The Department did not ensure that payments were made only to eligible beneficiaries of the UI program.
We found the Department had adequate internal controls to ensure it paid UI benefits to eligible people, and it materially complied with the federal requirements. However, we identified questioned costs for benefits awarded to PUA claimants.
We used a statistical sampling method to randomly select and examine 78 out of a total population of 20,447 claims for weekly PUA benefits. For these claims, the Department was required to determine the eligibility of each claimant to receive benefits, including verifying proof of employment, self-employment, or planned start of employment or self-employment.
We found three instances (5.1 percent) where the Department paid weekly benefits without requesting and reviewing documentation from the claimant substantiating employment, self-employment, or planned start of employment or self-employment, as required by the federal grantor. These three claims resulted in $603 in known overpayments of PUA benefits by the Department, as each claim was paid after December 27, 2020, and during our audit period.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department officials did not correctly interpret the guidance outlined in the UIPL change to reflect that claimants were required to provide documentation substantiating proof of employment or self-employment in order to receive payments from the state after December 27, 2020. The Department did not request documentation from PUA claimants to substantiate employment prior to paying the claims.
Effect of Condition and Questioned Costs
We identified $603 in known federal questioned costs and $208,975 in likely federal questioned costs. We considered these questioned costs because the people receiving the benefit payments did not meet all the program’s eligibility requirements at the time of payment.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Verify people applying for PUA benefits have met all eligibility requirements before issuing weekly benefit payments
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department does not concur with the finding.
The State Auditor’s Office asserts the Department incorrectly interpreted guidance outlined in the UIPL regarding PUA benefit eligibility requirements. However, citing the UIPL below:
UIPL 16-20 change 4
2. Requirement to submit documentation substantiating employment or self-employment (Section 241 of the Continued Assistance Act) (new).
The first full paragraph of section C.2. of attachment I, UIPL 16-20 change 4 says that:
“Anyone that receives a payment of PUA on or after December 27, 2020, (the enactment date of the Continued Assistance Act) will be required to submit documentation substantiating employment or self-employment, or the planned commencement of employment or self-employment.” [emphasis added]
Under this guidance, the claimant had to first have been issued a payment after the Continued Assistant Act (CAA) became effective (regardless of the week or weeks the payment(s) were for) before the Department could set the issue to request the documentation.
In the exceptions noted by SAO, the first claimant wasn’t paid at all until 2023. Once the payment was issued to the claimant, the PUA Documents Required (PDR) issue was properly set. In the second, the claimant received some payments before 12/27/20 and then had other payment stops on her claim that were not removed until 2023. The removal of those payment stops triggered a payment for the remaining weeks claimed. Because those payments were made after 12/27/20, the PDR issue was set.
Under the same section, item c. limits the date the Department can start the denial for failing to comply with the PDR issue:
c. Failure to Comply. Individuals who do not provide documentation substantiating employment/self-employment (or planned employment/self-employment) within the required timeframe, as described above, are not eligible for PUA. For DUA, if the individual fails to submit documentation substantiating employment or self-employment, the state must establish an overpayment for the entire DUA claim, per 20 C.F.R. 625.6(e)(2). However, as provided in Section 241(b)(2) of the Continued Assistance Act, for PUA, if the individual fails to submit such documentation, the state may only establish an overpayment for those weeks of unemployment ending on or after December 27, 2020 (the enactment date of the Continued Assistance Act).
For example, an individual has a PUA claim effective on November 1, 2020, and files and is paid for weeks of unemployment ending November 7, 2020, through weeks ending January 9, 2021. Because the individual received a payment for PUA after December 27, 2020, the state must notify the individual on January 4, 2021, about the requirement to provide documentation substantiating employment/self-employment (or planned employment/self-employment) within 90 days (by April 4, 2021).
If, in that timeframe, the individual fails to provide documentation or fails to show good cause to have the deadline extended, an overpayment must be established for all the weeks paid beginning with the week ending January 2, 2021. This is because the individual cannot be deemed ineligible for a week of unemployment ending before the date of enactment solely for failure to submit documentation (emphasis added).
In the cases reviewed, the claimants did not respond to the issue or provide their documentation. Because the denial is limited to only claimed weeks following the enactment of the CAA (weeks ending 1/2/21 and later), any weeks from 2020 that were paid in 2023 had no potential for denial and therefore should not be considered to be incorrectly paid, similar to the example given above from the UIPL.
If addition, if claimants never claimed a week ending after the CAA was effective, the PDR issue will set but never be adjudicated because they had never claimed a week that was potentially deniable.
In discussions with SAO, the Office cited paragraph b(ii) of the UIPL, to indicate that any claims paid by the State on or after 12/27/2020 require the claimant to provide documentation substantiating employment or self-employment within 90 days of payment, or when directed to submit the documentation by the state workforce agency, whichever is later. This section of the UIPL solely lays out the requirements for establishing the respond-by dates for providing documentation for review. The deadline for responses is different depending on whether the PUA claim was filed before 1/26/21 or on/after that date. This paragraph does not establish the requirements for payment or non-payment of PUA weeks.
Additionally, the Department received further guidance in a webinar with USDOL on Monday, January 11, 2021, which reinforced the methodology used by the Department in these cases.
Auditor’s Remarks
For the claimants in question, we did not receive any documentation from the Department demonstrating that a request was sent to the claimant to provide supporting documentation substantiating employment, nor was there evidence provided that the claims in-question were suspended due to missing documentation from the claimants.
Federal guidance contained in Attachment I to UIPL 16-20, Change 4 – Pandemic Unemployment Assistance (PUA) Implementation and Operating Instructions stipulates the following:
“Anyone that receives a payment of PUA on or after December 27, 2020, (the enactment date of the Continued Assistance Act) will be required to submit documentation substantiating employment or self-employment, or the planned commencement of employment or self-employment. This includes any individual who receives any payment of PUA on or after December 27, even if the payment is for a week of unemployment that occurred before December 27, 2020. The deadline for providing such documentation depends on when the individual filed the initial PUA claim.
• Filing New Applications for PUA on or after January 31, 2021. Individuals filing a new PUA application on or after January 31, 2021 (regardless of whether the claim is backdated), are required to provide documentation within 21 days of application or the date the individual is directed to submit the documentation by the State Agency, whichever is later. The deadline may be extended if the individual has shown good cause under state UC law within 21 days.
• Filing Continued Claims for PUA. Individuals who have an existing PUA claim as of December 27, 2020, (the enactment date of the Continued Assistance Act) or who file a new initial PUA claim before January 31, 2021, and who receive PUA on or after December 27, 2020, must provide documentation within 90 days of the application date or the date the individual is instructed to provide such documentation by the state agency (whichever date is later).”
We questioned these payments due to the Department not receiving any supporting documentation substantiating employment or self-employment from these claimants during the audit period, and failing to establish overpayment notices to the claimants during the audit period. For all three payments in-question, the claimant filed for PUA prior to December 27, 2020, and therefore would have been required to submit supporting documentation substantiating employment to the Department within 90 days, or as directed by the Department.
Because the Department did not receive supporting documentation from the claimants for these benefit weeks during the audit period, we could not determine that the payments were allowable and that the claimants met the PUA eligibility requirements for their benefit weeks paid.
We reaffirm our finding and will follow-up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, Compliance Supplement, Unemployment Insurance, states in part:
E. Eligibility
1. Eligibility for Individuals
a. PUA – PUA provides benefits to covered individuals, who are those individuals not eligible for regular unemployment compensation (UC or extended benefits under state or federal law or PEUC, including those who have exhausted all rights to such benefits). Covered individuals also include self-employed, those seeking part-time employment, individuals lacking sufficient work history, and those who otherwise do not qualify for regular unemployment compensation or extended benefits under state or federal law or PEUC.
PUA is payable to individuals who are ineligible for regular UC, EB, or PEUC and are unemployed, partially unemployed, or unable or unavailable to work due to one of the COVID-19 related reasons identified in Attachment I to UIPL No. 16-20, Change 6. Section 2102(a)(3)(A)(ii)(I) of the CARES Act included 10 specific COVID-19 related reasons. The Department, under the authority provided by Section 2102(a)(3)(A)(ii)(I)(kk) of the CARES Act, added additional COVID-19 related reasons three new COVID-19 related reasons with the publication of UIPL No. 16-20, Change 5 on February 25, 2021. All COVID-19 related reasons apply retroactively to the beginning of the PUA program. Additionally, individuals who are paid on or after December 27, 2020, must submit proof of documentation substantiating employment, self-employment, or the planned commencement of employment or self-employment (see Attachment I, Section C.2. of UIPL No. 16-20, Change 4). This includes individuals requesting retroactive payments that are not received until after December 27, 2020.
2023-007 The Employment Security Department did not have adequate internal controls to ensure it submitted accurate financial reports for the Unemployment Insurance program.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53; UI-34748-20-55-A-53; UI-35682-21-55-A-53; UI-35977-21-60-A-53;
UI-37098-21-55-A-53; UI-37256-22-55-A-53;
UI-37313-22-55-A-53; UI-38013-22-60-A-53;
UI-38163-22-55-A-53;UI-38511-22-55-A-53;
UI-38580-22-75-A-53; UI-39303-23-55-A-53;
UI-39355-23-55-A-53; UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and provides benefits under the Unemployment Compensation program to people for periods of involuntary unemployment. It provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department administers the state’s UI program. During fiscal year 2023, the Department paid more than
$1.1 billion in unemployment insurance benefits to people in Washington.
The Unemployment Insurance Reports Handbook No. 401 – published by the U.S. Department of Labor (DOL), Employment and Training Administration, Office of Unemployment Insurance – outlines the requirements for states to submit financial and performance reports to the federal government so it can evaluate their UI programs. The ETA 9130 – Financial Status Report is submitted quarterly, and is used to report program and administrative expenditures for UI programs. This financial data is reported cumulatively and separately for regular UI programs, as well as Pandemic Emergency Unemployment Compensation, Pandemic Unemployment Assistance, Disaster Unemployment Assistance, Trade Readjustment Assistance, and Reemployment Trade Adjustment Assistance. The Department requires fiscal analysts to prepare these reports, and grants management reviews and approves the reports before submitting them to DOL.
Additionally, the Department is required to submit to DOL the ETA 2112 – UI Financial Transaction Summary. This report provides a monthly summary of UI transactions that accounts for all funds received in, passed through or paid out of the state unemployment fund. The Department’s Assistant Treasury Supervisor is responsible for preparing these reports, and the Treasurer reviews the reports for accuracy and certifies them before they are submitted to DOL.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure it submitted accurate financial reports for the UI program.
During fiscal year 2023, the Department was required to submit 104 quarterly ETA 9130 financial reports to DOL. We used a non-statistical sampling method to randomly select and examine 15 reports. We found that five of the 15 reports (33 percent) were not certified by the Grants Manager before they were submitted to DOL.
In addition, the Department was required to submit 12 monthly ETA 2112 financial reports to DOL. We used a non-statistical sampling method to randomly select and examine five reports. We found one of the five reports (20 percent) was not reviewed and approved by the Treasurer before it was submitted to DOL.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department officials said that the Grants Manager responsible for reviewing the ETA 9130 reports for accuracy resigned during the audit period, prior to the due date of the five reports that were not certified. As a result, the Department submitted these reports without a secondary review.
Department officials said that the Treasurer discussed the ETA 2112 report with the Assistant Treasury Supervisor as fiscal analysts prepared the draft. However, the Treasurer did not document their approval of the report, and the Department did not retain any documentation supporting that the Treasurer reviewed and certified the report.
Effect of Condition
When management does not follow the Department’s established internal controls to ensure that all required financial reports are accurate, the Department is at an increased risk of inaccurately reporting financial data to the federal grantor.
Recommendation
We recommend the Department improve internal controls to ensure that management properly reviews and certifies all required financial reports before they are submitted to the federal grantor. This should include maintaining records to show that management completed these reviews.
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the UI grant.
The Department has implemented procedures to ensure reports are reviewed prior to submission, and submission dates and approvals are documented.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, Compliance Supplement, Unemployment Insurance, states in part:
L. Reporting
1. Financial Reporting
d. ETA 9130, Financial Status Report, UI Programs – This report is used to report program and administrative expenditures. All ETA grantees are required to submit quarterly financial reports for each grant award which they operate, including standard program and pilot, demonstration, and evaluation projects. Financial data is required to be reported cumulatively from grant inception through the end of each reporting period. Additional information on OMB Number 1205-0461 can be accessed at http://www.dol.gov/agencies/eta/grants/management and scroll down to the section on Financial Reporting. A separate ETA 9130 is submitted for each of the following: UI, PEUC, and PUA Administration, DUA, TRA/RTAA, and UI Projects (administration and benefits). See TEGL No. 02-16 for specific and clarifying instructions about the ETA 9130 https://wdr.doleta.gov/directives/corr_doc.cfm?DOCN=5156.
ETA 2112, UI Financial Transaction Summary (OMB No. 1205-0154) – A monthly summary of transactions, which account for all funds received in, passed through, or paid out of the state unemployment fund (ET Handbook 401).
2023-008 The Employment Security Department did not have adequate internal controls to ensure it submitted accurate monthly reports for the Unemployment Insurance program.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53;
UI-34748-20-55-A-53;
UI-35682-21-55-A-53;
UI-35977-21-60-A-53;
UI-37098-21-55-A-53;
UI-37256-22-55-A-53;
UI-37313-22-55-A-53;
UI-38013-22-60-A-53;
UI-38163-22-55-A-53;
UI-38511-22-55-A-53;
UI-38580-22-75-A-53;
UI-39303-23-55-A-53;
UI-39355-23-55-A-53;
UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-005
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and provides benefits under the Unemployment Compensation program to unemployed workers for periods of involuntary unemployment. It provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs.
The Employment Security Department administers the UI program. During fiscal year 2023, the Department paid more than $1.1 billion in unemployment insurance benefits to people in Washington.
The Unemployment Insurance Reports Handbook No. 401—published by the U.S. Department of Labor (DOL), Employment and Training Administration, Office of Unemployment Insurance – outlines the requirements for states to submit financial and performance reports to the federal government so it can evaluate their UI programs. The ETA 9055 – Appeals Case Aging – Lower and Higher Authority Appeals report (OMB No. 1205-0359) is submitted monthly, and it provides information on the inventory of lower and higher-authority single claimant appeals cases that have been filed in court but not yet decided. These reports provide the federal government with information about the number of days from the date an appeal was filed through the end of the month covered by the report, as well as the average and median age of the pending appeals cases. The Department prepares this report using data obtained through interagency data-sharing agreements with the Washington State Office of Administrative Hearings and the Washington State Administrative Office of the Courts.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure it submitted accurate monthly reports for the UI Program. The prior finding number was 2022-005.
Description of Condition
The Department did not have adequate internal controls to ensure it submitted accurate monthly reports for the UI program.
During fiscal year 2023, the Department was required to submit monthly ETA 9055 performance reports to DOL. The Department did not require or perform a secondary review of the reports before submitting them. A single Department employee manually prepared the information contained in the reports and submitted them to the federal grantor, and no one verified they were accurate and complete before submission.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
Although Department officials said they implemented a secondary review of the 9055 report in May 2023, management did not monitor the completion of these reports throughout the audit period to determine whether internal controls would be sufficient to detect and correct any potential data entry errors. In addition, management relied on staff knowledge and other agencies to provide accurate and complete information.
Effect of Condition
By not establishing adequate internal controls to ensure monthly performance reports are complete and accurate, the Department is at an increased risk of inaccurately reporting data to the federal grantor.
Recommendation
We recommend the Department implement internal controls to ensure it has an effective review process in place before submitting monthly reports to the federal grantor.
Department’s Response
The Department concurs with the finding and thanks the State Auditor’s Office for its work over this area.
The Department immediately implemented the secondary review of these reports in response to a prior year finding over this issue. However, the recommendation from the prior year and the Department’s implementation occurred after the new state fiscal year had begun. The Department expects the control to be in place and functioning for the entire year in our next audit.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of Labor, Employment and Training Administration, Office of Unemployment Insurance, Unemployment Insurance Reports Handbook No. 401, Section V: Benefits Time Lapse and Quality, states in part:
ETA 9055 – APPEALS CASE AGING
Section V-5
1. General Reporting Instructions
Appeals Case Aging measures require states to report data on the universe of all single claimant appeals cases that have not been decided prior to the end of the reporting period. Edit checks can be found in Handbook 402, Unemployment Insurance Required Reports User’s Manual, Appendix C.
4. Pending Lower Authority Single Claimant Appeals Case Aging.
I. Includes all lower authority single claimant appeals cases, including those remanded by the higher authority for a hearing and decision reopened appeals cases not decided at the end of the month.
5. Pending Higher Authority Single Claimant Appeals Case Aging.
a. Includes all higher authority single claimant appeals cases, including remanded and reopened appeals cases, not decided at the end of the month. An appeals case that has been remanded to the lower authority for additional evidence and will be returned to the higher authority for a decision is reported in this inventory. An appeals case that has been remanded to the lower authority for a new hearing and decision is not a pending higher authority appeals case and should not be counted as such.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, Compliance Supplement, Unemployment Insurance, states in part:
L. Reporting
2. Performance Reporting
States are required to submit periodic reporting to evaluate the performance of the states’ UI programs. The auditor should test the information included in the key reports included below that ensure the timeliness of benefits paid. Detailed information on these reports can be accessed under:
https://www.dol.gov/sites/dolgov/files/ETA/handbooks/2017/ETHand401_5th.pdf
2023-009 The Employment Security Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the Benefit Accuracy Measurement program of the Unemployment Insurance program in a timely manner.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53; UI-34748-20-55-A-53;
UI-35682-21-55-A-53; UI-35977-21-60-A-53;
UI-37098-21-55-A-53; UI-37256-22-55-A-53;
UI-37313-22-55-A-53; UI-38013-22-60-A-53;
UI-38163-22-55-A-53; UI-38511-22-55-A-53;
UI-38580-22-75-A-53; UI-39303-23-55-A-53;
UI-39355-23-55-A-53; UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: UI Benefits Payments
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-006
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and it provides benefits under the Unemployment Compensation program to unemployed workers for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs.
The Improper Payment Elimination and Recovery Act of 2010 requires state workforce agencies to maintain a quality control system. The Benefits Accuracy Measurement (BAM) program is the U.S. Department of Labor’s quality control system designed to assess the accuracy of unemployment insurance benefit payments and denied claims in separation status. The program estimates error rates and dollar amounts of benefits improperly paid or denied by projecting the results from investigations in a state.
The Employment Security Department administers the state’s UI program. During fiscal year 2023, the Department paid more than $1.1 billion in unemployment insurance benefits to people in Washington.
Under the BAM program, the Department is required to draw a weekly sample of payments and denied claims. The Department must complete this sampling promptly and conduct an in-depth investigation of the claims to determine the degree of accuracy in administering the state’s Unemployment Compensation program and compliance with federal law (20 CFR 602.21(d)). The Department has established a dedicated BAM unit to meet these requirements.
The Benefit Accuracy Measurement State Operations Handbook, which is published by the U.S. Department of Labor’s Employment and Training Administration, indicates the time frame and requirements for conducting BAM program case sampling for paid claims. States must complete reviews of:
• 70 percent of the sampled cases within 60 days of the week ending date of the batch; and
• 95 percent of the sampled cases within 90 days of the week ending date of the batch; and
• 98 percent of sampled cases within 120 days of the ending date of the annual report period.
In addition, states must sample denied claims and review:
• 60 percent of the sampled cases within 60 days of the week ending date of the batch; and
• 85 percent of the sampled cases within 90 days of the week ending date of the batch; and
• 98 percent of the sampled cases within 120 days of the end of the calendar year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported that the Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the BAM program of the UI program in a timely manner. The prior finding numbers were 2022-006, 2021-005 and 2020-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the BAM program of the UI program in a timely manner.
The Department did not effectively recruit, develop and retain staff to ensure it materially complied with the BAM program’s case review requirements.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not adequately staff its BAM unit with resources sufficient to meet BAM program requirements. Management did not allocate sufficient resources to the BAM unit, and did not effectively retain its investigative staff assigned to the BAM unit to support its minimum required caseload.
Effect of Condition
The Department did not comply with the federally required timelines for completing its case sampling. For paid claims, we found the Department:
• Failed to complete the minimum required annual allocation for sampling for paid claims. The Department completed 472 of the required 480 samples.
• Completed only 425 (90.4 percent) of its 472 sampled cases within 90 days of the week ending date of the batch, failing to meet the federal requirement of 95 percent
• Completed only 446 (94.5 percent) of its 472 sampled cases within 120 days of the ending date of the annual report period, failing to meet the federal requirement of 98 percent
We also found the Department failed to complete the minimum required annual allocation for sampling for denied claims. The Department completed 436 of the required 450 samples for the annual allocation.
By not complying with the federally required timelines for completing case sampling, the Department cannot fully evaluate the accuracy of its claim decisions and is less likely to detect fraudulent payments.
Recommendation
We recommend the Department allocate the necessary staffing resources to ensure it complies with the U.S. Department of Labor’s timelines for BAM case sampling.
Department’s Response
The Department concurs with the finding and recommendation and thanks the State Auditor’s Office for its work to ensure the Department meets case sampling requirements.
Historically, the Benefit Accuracy Measurement (BAM) unit has been challenged to maintain full levels of staffing. Staff turnover, long training requirements, and unique skill sets make these positions difficult to maintain. The Department continues to hire, develop, and retain staff to fully meet USDOL requirements.
The Department further continues to partner and frequently communicate with the U.S. Department of Labor (USDOL) Regional Offices to discuss staffing and training models. The Quality Assurance Manager and the Case Review Supervisor are committed to routinely monitoring caseload, workload, and the overall assurance of meeting the BAM operations performance goals and measures as set forth by USDOL.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 CFR Part 602, Quality Control in the Federal-State Unemployment Insurance System, section 21, Standard methods and procedures, establishes the requirements for states to conduct representative case sampling for quality control study of unemployment benefit claims, which state in part:
§602.21 Standard methods and procedures.
Each State shall:
a. Perform the requirements of this section in accordance with instructions issued by the Department, pursuant to 602.30(a) of this part, to ensure standardization of methods and procedures in a manner consistent with this part;
b. Select representative samples for QC study of at least a minimum size specified by the Department to ensure statistical validity (for benefit payments, a minimum of 400 cases of week paid per State per year);
c. Complete prompt and in-depth case investigations to determine the degree of accuracy and timeliness in the administration of the State UC law and Federal programs with respect to benefit determinations, benefit payments, and revenue collections; and conduct other measurements and studies necessary or appropriate for carrying out the purposes of this part;
d. Furnish information and reports to the Department, including weekly transmissions of case data entered into the automated QC system and annual reports, without, in any manner, identifying individuals to whom such data pertain;
The U.S. Department of Labor, Employment and Training Administration Benefit Accuracy Measurement State Operations Handbook – ET Handbook No. 395, 5th Edition, Chapter VI – Investigative Procedures, Section 13: Completion of Cases and Timely Data Entry, states in part:
The following time limits are established for completion of all cases for the year. (The “year” includes all batches of weeks ending in the calendar year.):
• A minimum of 70 percent of cases must be completed within 60 days of the week ending date of the batch, and 95 percent of cases must be completed within 90 days of the week ending date of the batch; and
• A minimum of 98 percent of cases for the year must be completed within 120 days of the week ending date of the calendar year.
ET Handbook No. 395, 5th Edition, Chapter VI – Investigative Procedures, Section 12: Sampling Selection, states in part:
The annual sample size for UI paid claims and the three types of denials are fixed by DOL for the calendar year. BAM supervisors may change the weekly sample sizes in the input control record to accommodate investigator vacation schedule or other staffing contingencies. However, state are expected to pull at least the minimum number of cases each week. States may not over sample during a portion of the year in order to meet the annual sample allocation and then suspend sampling for the remainder of the calendar year. The minimum weekly and quarterly samples, based on current annual sample allocations are:
*Allocation for ten smallest states in terms of UI workload.
** 150 cases each of monetary, separation, and non-separation denials will be selected each year, for a total of 450 DCA cases.
ET Handbook No. 395, 5th Edition, Chapter VIII – Denied Claims Accuracy (DCA), Section 7: Completion of DCA Cases and Timely Data Entry, states in part:
As in paid claims, prompt completion of investigations is important to ensure the integrity of the information being collected by questioning claimant and employers before the passage of time adversely affects recollections. However, due to the fact that contacting the claimant and obtaining claimant information is more difficult than in paid claims, the timeliness standards differ as the following indicates:
• A minimum of 60 percent of cases must be completed within 60 days of the week ending date of the batch, and 85 percent of cases must be completed within 90 days of the week ending date of the batch; and
• A minimum of 98 percent of cases for the year must be completed within 120 days of the ending date of the Calendar Year.
2023-010 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it profiled all claimants under the Unemployment Insurance program to identify people likely to need reemployment services and ensure staff providing those services received required training.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34528-20-60-A-53;
UI-34748-20-55-A-53;
UI-35682-21-55-A-53;
UI-35977-21-60-A-53;
UI-37098-21-55-A-53;
UI-37256-22-55-A-53;
UI-37313-22-55-A-53;
UI-38013-22-60-A-53;
UI-38163-22-55-A-53;
UI-38511-22-55-A-53;
UI-38580-22-75-A-53;
UI-39303-23-55-A-53;
UI-39355-23-55-A-53;
UI-34092-20-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – UI Reemployment Programs: Worker Profiling and Reemployment Services (WPRS) and Reemployment Services and Eligibility Assessments (RESEA)
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and it provides benefits under the Unemployment Compensation program to unemployed workers for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department administers the state’s UI program. During fiscal year 2023, the Department paid more than $1.1 billion in unemployment insurance benefits to people in Washington.
The Worker Profiling and Reemployment Services (WPRS) and Reemployment Services and Eligibility Assessments (RESEA) programs serve as the primary programs that facilitate the reemployment of UI claimants. RESEA is authorized by Section 306 of the Social Security Act, and it uses an evidence-based integrated approach that combines an assessment for continuing UI eligibility and the provision of reemployment services. The Department uses a RESEA program to satisfy the WPRS mandate in accordance with federal requirements, and its program design is documented in the RESEA State Plan approved by the U.S. Department of Labor.
According to the Department’s RESEA State Plan, the agency profiles unemployment claimants using a scoring model that is built into its Unemployment Tax and Benefit (UTAB) system to identify claimants who are likely to exhaust benefits and are in need of job search assistance to obtain new employment. The profiling model must statistically combine information on the person’s work industry, occupation, education level, county of residence, and other personal characteristics, including veteran and union status, and labor market characteristics to generate a numerical score indicating their likelihood of exhausting regular unemployment benefits before finding work. The claimants are to be ranked in a queue based on their individual score from most likely to least likely to exhaust benefits. On a weekly basis, the Department selects people from this queue for available appointments for reemployment evaluations. In July 2019, the Department implemented an online appointment scheduling system called the Reemployment Appointment Scheduler (RAS) to facilitate the appointment scheduling process for the Department’s WorkSource offices.
In June 2021, the Department deployed a pilot program proposed by the U.S. Department of Labor known as a randomized control trial (RCT), to randomly assign profile scores in lieu of using the risk profile model to profile all unemployment claimants. The objectives of the trial were to assess the impact of the RESEA program concerning duration of unemployment claims, earnings, and employment probability of claimants following the provision of RESEA services, and to assess whether the program improved the identification of claimant eligibility issues and improper payment detection. Under the RCT, the WPRS score used to rank claimants was replaced with a randomly generated score, after excluding the top 5 percent of people with the highest WPRS scores.
The Department’s UI staff oversee the RESEA program, which includes participating in the planning, administration and oversight of the program, providing appropriate training to staff conducting applicant eligibility reviews, completing individual reemployment plans, and providing information and access to career and reemployment services, including referrals to other services. All staff working within the RESEA program must, at a minimum, be trained in the programmatic requirements, state laws, rules, and agency policies once a year. Staff are required, by Department policy to take an intensive training before providing reemployment services to claimants, as well as take an annual refresher training once a year. Training includes information regarding job search requirements, reporting requirements, and UI eligibility assessments. In addition, all staff working with RESEA participants must be trained to detect and report potential issues to the UI claims center.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure the Department profiled all claimants under the UI program, to identify those likely to need reemployment services and ensure staff providing reemployment services received required training.
Identification for People Eligible for Reemployment Services
The Department did not adequately monitor its UTAB scoring model to ensure applicant risk profile scores were accurate to identify those claimants most likely to exhaust their unemployment benefits.
The Department is required to use a scoring model to profile all claimants to identify those likely to need reemployment services. During the audit period, the score calculated by the model was only applied for 5 percent of claimants with the highest score. A random score was assigned to the remaining 95 percent of claimants. The random score assignment did not provide adequate assurance that those people most likely to exhaust benefits were prioritized to receive reemployment services.
To determine a claimant’s profile score, the scoring model assigns 10 different coefficient rates associated with attributes that were determined by the Department to signify how likely a claimant will be to exhaust their unemployment benefits. The Department could not explain the methodology for determining an applicant’s profile score based on these 10 attributes, or how to independently recalculate the score.
The Department has not tested the calculation of the profile score to ensure it is functioning as intended and producing accurate results. In addition, management could not provide historical records to demonstrate the calculation had ever been tested since its first implementation. Therefore, the Department has no assurance that the calculation provides an accurate measurement of the risk a claimant will exhaust their benefits.
To test whether the UTAB system correctly determined and assigned coefficients based on the claimant attributes, we created four test scenarios containing specific attributes and the expected assigned coefficient value. The UTAB system did not assign the expected coefficient value for three of the 10 attributes. Department officials did not know how the system determined and assigned the coefficient value for these three attributes or why the value did not agree to the system reference tables. Therefore, we cannot conclude whether the assigned values for these three coefficients or the profile score assigned based on the coefficients are accurate.
In addition, management did not monitor to determine whether the RAS system had received all eligible claimants. There is a daily process to send eligible claimants to the RAS selection queue, but there were no internal controls in place to ensure that all files sent to RAS were received and processed. In addition, RAS does not have a working test environment to test whether the system effectively schedules claimants based on defined rules and requirements.
Employee Training
The Department uses a tracking report to monitor the status of completed training for each RESEA employee. However, the Department did not adequately monitor to ensure staff who administered RESEA services to clients took required training.
We used a statistical sampling method to randomly select and examine 55 out of a total population of 441 employees that Department officials said were available to provided RESEA services during fiscal year 2023. We examined records for all RESEA training courses completed by these employees and found that the Department did not have documentation evidencing that two employees (3.6 percent) completed annual RESEA training during the audit period. Both employees administered RESEA appointments to claimants during the audit period. We also found three employees (5.5 percent) were missing from the Department’s tracking report, and four additional employees completed a training course that was not listed on the report.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Identification for People Eligible for Reemployment Services
During the implementation of the RCT, the Department did not monitor the profiling and prioritization of claimants for RESEA participation to determine whether claimants prioritized for receiving RESEA services were the most likely to exhaust their unemployment benefits.
Department management asserted in writing that its UTAB risk scoring model was operating during the audit period to ensure claimants were profiled to determine those most likely to exhaust unemployment benefits and need reemployment services. However, after our Office tested the risk scoring model and identified system weaknesses, the Department informed us that the scoring model was not working as intended and disabled during the audit period.
Employee Training
The Department did not maintain historical records of employee training profiles. Instead, management retained only documents supporting the most recent training course completed by each employee. Additionally, management did not adequately maintain its tracking reports to ensure all completed training sessions were documented for each employee.
Effect of Condition
Identification for People Eligible for Reemployment Services
Without monitoring its automated scoring model for effectiveness, the Department cannot ensure that its systems select RESEA participants based on a valid risk profile and priority of need for reemployment services. By disabling the automated scoring model, the Department is not in compliance with provisions in the RESEA State Plan, and it cannot ensure that claimants selected for RESEA appointment services should have received consideration over higher-risk claimants who may be excluded in the RCT.
Employee Training
By not maintaining adequate training records for its employees, the Department cannot demonstrate that all RESEA staff have been properly trained on unemployment eligibility requirements in order to administer reemployment services to clients, as required in the RESEA State Plan.
Recommendations
We recommend the Department:
• Review the design of its UTAB calculation to determine an applicant’s risk profile score, and test the calculation of the score to determine whether the system is accurately identifying claimants most likely to exhaust benefits. This understanding and testing should ensure that coefficient values are correctly determined and assigned by the UTAB system.
• Reconcile the interface between the UTAB system and the scheduling system to ensure that all RESEA eligible claimants were received by the RAS scheduling system
• Consider implementing additional internal controls to ensure claimants are profiled and prioritized for reemployment services based on their risk of exhausting unemployment benefits, in accordance with federal requirements
• Establish adequate internal controls to ensure all employees receive required RESEA training before providing reemployment screening services to claimants
• Verify all staff administering RESEA services on behalf of the Department have completed required training before providing services to claimants
Department’s Response
The Department partially concurs with the finding.
UTAB Recommendations:
I. Review the design of its UTAB calculation to determine an applicant’s risk profile score, and test the calculation of the score to determine whether the system is accurately identifying claimants most likely to exhaust benefits. This understanding and testing should ensure that coefficient values are correctly determined and assigned by the UTAB system.
Department response:
The Department concurs with the recommendation. For clarification, the coefficient values are calculated outside of UTAB. The coefficients are then input into UTAB which then calculates the profile score. The Department will review processes to effectively validate profile scores based upon new coefficients.
II. Reconcile the interface between the UTAB system and the scheduling system to ensure that all RESEA eligible claimants were received by the RAS scheduling system.
Department response:
The Department partially concurs with the recommendation.
Regarding the recommendation, there is no interface between UTAB and RAS to reconcile. The UTAB system is capable of generating an “exit file” which indicates the profile score for all the applicants that have a work search requirement. This file is sent and input into the RAS scheduler which automatically assigns the applicant. The Department will review its processes to verify that the RAS properly sets appointments from the UTAB exit file.
b. Consider implementing additional internal controls to ensure claimants are profiled and prioritized for reemployment services based on their risk of exhausting unemployment benefits, in accordance with federal requirements.
Department Response:
The Department does not concur with this recommendation. In the Background section above, SAO stated “In June 2021, the Department deployed a pilot program proposed by the U.S. Department of Labor known as a randomized control trial (RCT), to randomly assign profile scores in lieu of using the risk profile model to profile all unemployment claimants.”
The pilot program was not implemented in lieu of the risk model, but concurrently as described above. In brief, all applicants are scored and provided both a risk scoring profile based on established standards, and a random score, as described in the pilot program. Based on the risk scoring model, the top scores are automatically selected for RESEA. The remainder of the applicants are assigned based on the random score. The use of the top scorers and the random scoring methodology allows for the Department to meet the both the standard requirements by RESEA and the pilot program.
Considering this, the Department believes it is compliant with both the risk based and random scoring profile requirements.
Training Recommendations:
• Establish adequate internal controls to ensure all employees receive required RESEA training before providing reemployment screening services to claimants.
Department Response:
The Department does not concur with the recommendation. In the Background stated above, SAO noted “All staff working within the RESEA program must, at a minimum, be trained in the programmatic requirements, state laws, rules, and agency policies once a year. Staff are required, by Department policy to take an intensive training before providing reemployment services to claimants, as well as take an annual refresher training once a year.”
For accuracy, staff are required by the US DOL as follows (UIPL 08-24) page 15: Required Engagement of UI Staff – UI staff must be engaged in the administration of the RESEA program. This includes, but is not limited to:
I. Participating in the planning, administration, and oversight of the RESEA program;
II. Providing all appropriate staff training on UC eligibility requirements;
III. Ensuring accurate data are provided in the RESEA-required reports; and
IV. Conducting eligibility determinations and redeterminations resulting from issues identified through RESEA participation.
The first day of RESEA Intensive Training is UI eligibility training which is designed and conducted by UICS Trainers. The Policy 4050-1 indicates that staff are required to have yearly training, but this is not specified by Policy definition and provides for the ad hoc and monthly trainings put on by programs. Additionally, there is no RESEA Department “policy” regarding training. The current program team fulfills the UIPL mandated UI Eligibility requirement through the required RESEA Intensive Training for all RESEA staff - as has been the process since 2020. The refresher trainings were implemented by programs to bring those trained, non-regular RESEA staff and local leaders up to date on changes, address in an effort to improve performance and reinforce staff confidence in their work. This is an internal process.
The Department does have controls in place to ensure all employees receive required RESEA training, an internal spreadsheet, updated by training staff which was provided to the auditors. The two exceptions of the 55 sampled were staff who completed RESEA Intensive Training prior to the fiscal year audited. USDOL requires only that RESEA staff be trained and RESEA Policy indicates that training can occur as needed and in any form (monthly program call, ad hoc office training, etc.). Formal training is completed every 6 weeks and ad hoc trainings are provided on a monthly basis at a minimum.
Therefore, the Department believes it meets the minimum standards as required by USDOL.
• Verify all staff administering RESEA services on behalf of the Department have completed required training before providing services to claimants.
Department Response:
The Department does not concur with the recommendation. The Cause of the Condition for the training requirements as noted by SAO is a determination that ESD did not maintain training records.
The exceptions noted in this area appear to be centered around two seasonal staff who were trained, though their training records were found outside the audit period. As stated in our response above, USDOL does not require yearly training. ESD implemented this programmatically in Fall of 2022. RESEA Policy 4050-1 indicates that staff should receive regular training, but intentionally does not specify the formality, format or content, allowing us to provide this in regular program calls and in ad hoc office trainings.
Specifically the policy states “(3.A): *Staff training requirement for RESEA services - Staff working in the RESEA program must, at a minimum, be trained in the program’s requirements, including state laws, rules, and agency policies related to job search, reporting requirements and UI eligibility assessments, prior to providing direct services to claimants and then receive annual refresher training thereafter. All staff working with RESEA participants must be trained to detect and report potential issues to the unemployment insurance claims centers.”
The RESEA lead trainer provided other documentation to the auditors - both from the LMS and our ESD’s own internal spreadsheets. Program records reflect the same information as LMS records but for the lone retiree (who showed up in our records but was archived from the LMS records). The two non-regular/seasonal staff who provided services in the audit period but did not have a record of that training in the audit period had previously completed required intensive training - which is more than the minimum required by USDOL.
Auditor’s Remarks
Identification for People Eligible for Reemployment Services
The Department could not explain how the calculation of a claimant’s profile score occurred in UTAB in order to demonstrate that the automated calculation is working as intended to ensure claimants who are most likely to exhaust their unemployment benefits and need reemployment services are correctly identified. By implementing the RCT instead of assessing each claimant’s risk of exhausting unemployment benefits, and rank-ordering each claimant for RESEA selection based on that risk, the Department’s claimant selection design does not ensure that it prioritizes selecting claimants more likely to exhaust their benefits over other claimants with a lower likelihood of exhausting their benefits. This approach does not meet the federal requirement to ensure those individuals likely to exhaust their unemployment benefits are prioritized for RESEA services.
Without monitoring to ensure all claimants determined eligible to receive RESEA services are transmitted to RAS, the Department cannot ensure that claimants selected to receive RESEA appointments represent those claimants who are most likely to exhaust their regular unemployment benefits and are most in-need of reemployment services. Additionally, by not reconciling claimants selected for appointments in RAS with claimants profiled in UTAB, the Department cannot reasonably ensure that all claimants eligible to receive RESEA services have been considered for appointment selection.
Employee Training
The Department’s policy 4050-1 stipulates that the annual refresher course is required to be completed by staff rendering RESEA services to claimants. Our testing focused on those individuals available to provide RESEA services to claimants during the audit period, and therefore we concluded that these individuals were required to receive an annual refresher training course during the audit period. The Department stated in its response that it implemented the programmatic annual refresher training requirement in Fall 2022, however Department policy 4050-1 became effective on October 15, 2020.
The Department did not accurately track employee training completed during the audit period using its internal monitoring spreadsheet. Without monitoring to ensure all training records have been accurately reflected in the spreadsheet, management cannot ensure that all staff providing RESEA services have completed required training programs and therefore does not have reasonable assurance of compliance with RESEA training requirements as outlined in the Department’s policy.
Furthermore, we disagree with the Department’s assertion that annual training is not required for all RESEA staff. Both the Policy 4050-1 and the RESEA State Plan state that staff providing direct services to claimants must receive annual refresher training from the Department in addition to initial training on program requirements, state laws, rules and agency policies.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 United States Code, Chapter 7 – Social Security, Subchapter III – Grants to States for Unemployment Compensation Administration, § 503 – State laws, states in part:
(j) Worker profiling
(1) The State agency charged with the administration of the State law shall establish and utilize a system of profiling all new claimants for regular compensation that –
(A) Identifies which claimants will be likely to exhaust regular compensation and will need job search assistance services to make a successful transition to new employment;
(B) Refers claimants identified pursuant to subparagraph (A) to reemployment services, such as job search assistance services; available under any State or Federal law;
Revised Code of Washington (RCW), Title 50, Unemployment Compensation, Section 50.20.011, Profiling system to identify individuals likely to exhaust benefits – Confidentiality of information – Penalty, states in part:
1. The commissioner shall establish and use a profiling system for new claimants for regular compensation under this title that identifies permanently separated workers who are likely to exhaust regular compensation and will need job search assistance services to make a successful transition to new employment. The profiling system shall use a combination of individual characteristics and labor market information to assign each individual a unique probability of benefit exhaustion. Individuals identified as likely to exhaust benefits shall be referred to reemployment services, such as job search assistance services, to the extent such services are available at public expense.
2. The profiling system shall include collection and review of follow-up information relating to the services received by individuals under this section and the employment outcomes for the individuals following receipt of the services. The information shall be used in making profiling identifications.
Washington State Employment Security Department, Wagner-Peyser Employment Service Policy 4050, Reemployment Services and Eligibility Assessments (RESEA) program, states in part:
3. Policy:
A. Staff Training requirements for RESEA Services
Staff working in the RESEA program must, at a minimum, be trained in the program’s requirements, including state laws, rules, and agency policies related to job search, reporting requirements and UI eligibility assessments, prior to providing direct services to claimants and then receive annual refresher training thereafter. All staff working with RESEA participants must be trained to detect and report potential issues to the unemployment insurance claims centers.
B. Claimant selection for RESEA services
RCW 50.20.11 states, in part, that a profiling system must be established to identify new permanently separated claimants most likely to exhaust regular UI benefits and that are in need of job search assistance services to make successful transitions to new employment. This system uses a combination of individual characteristics and labor market information to assign each individual a unique probability of benefit exhaustion known as the profile score. Claimants with a work search requirement will be given a profile score. Those still attached to an employer will not receive a profile score.
Based on ranked scoring, claimants are selected and added to an electronic list as eligible to receive RESEA services. Claimants identified as most likely to exhaust, or as UCX receive top priority.
Selection occurs between the second and fifth week of a valid claim. Claimants waiting on decisions or for their claims to become valid are not selected until they have valid claims and are eligible for benefits.
2023-012 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Washington State Department of Transportation’s Local Programs Office administers Highway Planning and Construction Program funding to local agencies throughout the state for highway construction projects. The Department spent about $603 million on highway projects during fiscal year 2023. Of that amount, it passed through about $331 million to local agencies through subawards for 378 new and existing projects across the state.
Pass-through entities are required to monitor the activities of their subrecipients to ensure they are properly using federal funds. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
For the subawards made during fiscal year 2023, Department management delegated the responsibility to complete risk assessments for individual projects to the Local Programs Engineers who were assigned to the regional office that oversees the project. When the Department prepares to monitor or review a subrecipient, it selects an open and active project and evaluates the subrecipient based on its performance under that project.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program.
We randomly selected and examined 55 of the 378 projects awarded funding during the audit period to determine if the Department performed a risk assessment of each project to determine the appropriate level of monitoring required for the subrecipient. We found the Department did not complete risk assessments for 17 of the 55 projects (30 percent). These risk assessments were signed and dated by Department staff after the audit period had ended. In addition, we found that 13 of the 17 assessments were not signed until after our Office requested them.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management did not ensure the Local Programs Engineers performed the risk assessments for each subrecipient project awarded program funds.
Effect of Condition
Not performing risk assessments makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the grant’s terms and conditions. Without verifying the Local Programs Engineers completed risk assessments for each awarded project, the Department cannot ensure it is performing risk assessments consistently and using the proper criteria to determine the appropriate amount of monitoring required for each subrecipient project.
Recommendations
We recommend the Department:
• Ensure it properly performs and documents the required risk assessments, which would allow management to evaluate the results and demonstrate compliance with federal requirements
• Improve its monitoring of regional Local Programs Engineers to ensure they complete risk assessments for each program-funded project
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Highway Planning and Construction program. WSDOT is committed to ensuring our programs comply with federal regulations.
Risks assessments for subrecipients in this FHWA grant program are the responsibility of WSDOT’s Regional Local Programs Engineers, located in the six WSDOT Regions. While every attempt is made to complete a risk assessment at each phase of a project, staff turnover contributed to the lack of consistency and timeliness in completing these assessments. To help ensure consistency, the Department has updated position descriptions for Local Programs Engineers to reflect this requirement.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, section 332, Requirements for pass-through entities, establishes requirements for pass-through entities to evaluate each subrecipients’ risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate level of subrecipient monitoring.
Title 2 CFR Part 200, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-013 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
20.205 COVID-19 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Wage Rate Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Washington State Department of Transportation receives federal funding under the Highway Planning and Construction Program for highway construction projects throughout the state. Some of these projects are awarded to contractors who perform the work on behalf of the Department. The Department spent about $706 million in federal Highway Planning and Construction program funds during fiscal year 2023. Of that amount, it spent more than $343 million on state-administered construction projects.
All laborers and mechanics employed by contractors or subcontractors to work on construction contracts exceeding $2,000 financed by federal assistance funds must be paid wages that are no less than those established for the locality of the project (prevailing wage rates) by the Department of Labor. All contractors and subcontractors are required to submit a copy of their payroll and a statement of compliance (certified payrolls) on a weekly basis, for each week in which any applicable contract work is performed. The Department’s construction projects typically involve both a prime contractor and subcontractors to complete work on the project.
The Department requires field inspectors to be onsite during construction work to ensure projects are completed in accordance with contract specifications. For every day of the week when contract work is performed, the inspector completes an Inspector Daily Report (IDR) and documents if there was any labor or mechanical work performed on that day. The IDRs are submitted to the Project Engineer, Project Manager, or Chief Inspector overseeing construction, who then reviews them to determine if any contractors must submit certified payrolls for that work week. Project Engineers are also required to document which contractors are required to submit certified payrolls each week by using a tracking report and maintaining it to identify all certified payrolls received from contractors and ensure they are documented and verified.
The Department publishes the Standard Specifications for Road, Bridge, and Municipal Construction (Standard Specifications), in addition to the Construction Manual (M.41-01.41), which applies to its construction contracts, and is approved by the U.S. Federal Highway Administration of the Department of Transportation. These specifications require contractors to submit certified payrolls to the Department on a weekly basis for each weekly payroll period. The Standard Specifications further stipulate that contractors must use the Washington State Department of Labor and Industries Prevailing Wage Intents and Affidavit System (PWIA) to submit weekly certified payrolls on federal projects. The Department’s Project Engineers are required to verify that contractor’s certified payrolls are submitted on a weekly basis in PWIA. If the contractor’s certifications are not submitted in a timely manner, the specifications allow the Department to withhold payment from contractors and enact other sanctions as necessary.
The Construction Manual also requires contractors to submit a Request to Sublet to gain authorization to use a subcontractor on a project.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the program.
We found that the Department’s internal controls were not adequate to ensure all contractors and subcontractors submitted certified payrolls on a weekly basis, as required by federal law and the Standard Specifications.
We used a statistical sampling method and randomly selected 58 out of a total 3,931 of weeks in which contract work was performed on federally funded construction projects, to determine whether the Department received certified payrolls from the prime contractor and all subcontractors performing work on the project on a weekly basis, as required by federal law. We identified all 58 weeks required a total of 245 certified payrolls to be submitted to the Department.
Collecting certified payrolls
The Department did not collect all certified payrolls from the prime contractor and subcontractors on a weekly basis for 48 of the 58 weeks we examined (83 percent). For 45 of those weeks, we determined the Project Engineer did not notify the contractor in PWIA to submit the required payrolls. The Department provided no documentation demonstrating it withheld payments from or imposed additional sanctions upon prime contractors with late or overdue certified payrolls.
Of the 245 total certified payrolls submitted, 153 (62 percent) were not submitted within seven days (or one week) of the payroll week ending date, as required. On average, these payrolls were 23 days late, and 25 payrolls were more than 30 days late. For each of the 48 weeks, between one and 13 certified payrolls were submitted late. The Department requested overdue payrolls from contractors for 13 of those weeks.
We also found 12 weeks where the Project Engineer failed to document that certified payrolls were due for contractors that later submitted them in PWIA.
Internal controls and review of certified payrolls
We found that five of the 58 (9 percent) selected weeks were for projects that did not have an approved Request to Sublet form for all subcontractors on the project, as required by Department policy.
We also found that for 57 weeks, the Project Engineer assigned to oversee the project did not document that all required certified payrolls were received from contractors, as required by Department policy.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management did not adequately monitor to ensure compliance with federal requirements. While the Department’s Construction Manual and Standard Specifications have documented policies and procedures in place for Project Engineers and regional offices to follow to track certified payrolls, follow-up on late submissions, and issue sanctions, Project Engineers did not consistently follow these policies in monitoring contractors for compliance.
In addition, the Department’s Construction Manual does not specify how Project Engineers must document certified payrolls due for construction projects, and management does not have a standardized form for Project Engineers to use for tracking certified payrolls. Management did not adequately monitor Project Engineers to ensure they followed the standards outlined in the Construction Manual.
Effect of Condition
When the Department does not collect all certified payrolls timely, it cannot ensure that laborers working on federally funded construction contracts are paid the applicable prevailing wages, as required by law.
In addition, by not collecting certified payrolls on a weekly basis, the Department is not in compliance with federal requirements, and may be subject to actions by the federal grantor.
Recommendations
We recommend the Department:
• Monitor project offices to ensure contractors are notified when they have not provided certified payrolls for a given week of contract work
• Improve internal controls to ensure project offices monitor the status of certified payrolls due from contractors on a weekly basis, contractors are made aware of delinquent payrolls, and consideration is given to assessing sanctions on noncompliant contractors in accordance with its Standard Specifications, such as withholding any or all payments, as necessary, when contractors do not submit required certified payrolls on a weekly basis
• Ensure certified payrolls are collected from prime contractors and all subcontractors on a weekly basis, in accordance with federal law and the Construction Manual
Department’s Response
The Washington State Department of Transportation appreciate the State Auditor’s Office (SAO) audit of the Federal Highway Administration’s (FHWA) Program. The Department is committed to ensuring our programs comply with federal regulations.
As WSDOT indicated in previous years for similar findings, the draft audit finding does not consider the nature of the contractual relationship between the contractor and WSDOT as the owner. The owner's compliance with the Davis-Bacon Act and regulations cited in the finding is determined by collective actions specified by regulations and not merely by how many payrolls are collected from the contractor within a 7-day window. WSDOT, in close consultation with the FHWA, has established contract administration processes with contingencies built in to address and correct for contractor noncompliance. In addition, WSDOT will not issue project Completion until all certified payrolls are collected (Standard Specifications 1-08.5.2, Time for Completion). FHWA guidance recommends actions to take if a contractor is habitually late in submitting payrolls but leaves it up to WSDOT to determine when sanctions should be imposed. WSDOT’s Standard Specifications (1-07.9(5)) on certified payrolls aligns with FHWA guidance. Sanctions are imposed as appropriate during the life of a contract.
In FHWA’s letter of April 25, 2019, in response to a similar finding for FY 2018, the grantor states “WSDOT’s process and policy concerning certified payrolls has been approved by FHWA through the approval of WSDOT’s Construction Manual and Standard Specifications. As part of FHWA’s approval FHWA agreed that these processes are reasonable and satisfy the intent of the Department of Labor’s certified payroll requirements, as FHWA understands them. FHWA believes that the procedures contain the necessary controls to ensure compliance with 29 CFR 5.5 and FHWA Davis-Bacon and Related Acts…”
In the July 6, 2020, response from FHWA on a similar finding for FY 2019, FHWA indicated “FHWA believes that WSDOT’s procedures contain the necessary controls to ensure reasonable compliance with 29 CFR 5.5 and FHWA Davis-Bacon and Related Acts Questions and Answers. FHWA considers this finding to be resolved.”
In this year’s audit, the State Auditor sampled 58 weeks and the required 245 certified payrolls for contract work performed on federally funded construction projects during that time period. WSDOT collected all of the required 245 certified payrolls. Of these payrolls 153 were received one or more days late, but of these only 28 were 30-days or more late and only 15 (6%) were 60-days or more late. This represents only 1 percent above the exception threshold typically allowed by the State Auditor. At 60-days, the Department has its first opportunity to initiate sanctions against the contractor. Of the 15 payrolls that were at least 60-days late, WSDOT deferred (withheld) 10 payments on 2 of the contracts. Sanctions prior to 60-days, are not feasible, as the contractors are paid monthly for the prior month’s work, and WSDOT has 30-days to process payments. The draft finding notes that for several weeks “the Project Engineers did not notify the contractor in PWIA to submit the required payrolls”, however, many notifications were provided via email for 5 of tested contracts, but these were not taken into account, as SAO indicated they did not use the “approved method.”
WSDOT is in the midst of delivering its largest and one of its most complex construction programs in our history, and is doing so with lower and less experienced staffing levels than it had to deliver past construction programs. We will continue to look for opportunities to improve our process as well as our documentation to demonstrate compliance with the Davis-Bacon Act requirements. In addition, we will continue consulting with FHWA for any further actions needed to resolve this finding.
Auditor’s Remarks
The U.S. Department of Labor establishes the Davis-Bacon Act and related requirements concerning federally-funded construction projects. Title 29 Code of Federal Regulations (CFR) Subpart A – Davis-Bacon and Related Acts Provisions and Procedures, Subsection 5.5, requires that the Department collect certified payrolls from its contractors. 5.5(a)(ii)(A) stipulates that contractors and/or subcontractors must submit payrolls weekly and for each week in which Davis-Bacon or Related Acts-covered work is performed. The Department enters into federal-aid construction contracts with its contractors and is therefore required to ensure compliance with these federal requirements for its projects.
Furthermore, the USDOL Wage and Hour Division’s Final Rule (effective October 23, 2023) concerning the Davis-Bacon and Related Acts Regulations, stipulates that “contractors and subcontractors are required to provide certified payrolls to the contracting agency to demonstrate their compliance with Davis-Bacon Act requirements on a weekly basis,” and that “the Department cannot allow contractors to pay required prevailing wages or submit certified payrolls on a basis less frequent than weekly.”
In its response, the Department states it has established contract administration processes with contingencies built in to address and correct for contractor noncompliance regarding missing and/or late certified weekly payrolls. However, the high rate of noncompliance identified in the audit indicates that these processes are not effective in ensuring that contractors submit the required certified payrolls weekly, as required by federal law and the Department's Construction Manual. Additionally, for each of the 48 weeks we identified in which contractors failed to submit certified payrolls timely, our Office requested from the Department evidence that it imposed sanctions upon the contractors, and the Department provided us with no such documentation.
The Department also states it is not feasible to impose sanctions upon contractors with habitually late payrolls before 60 days have passed from the week(s) of work ending due to its designed payment delivery method. Without ensuring its prime contractors have submitted certified payrolls for their employees and for all approved subcontractors performing work under the contract, the Department cannot ensure the contractor has paid prevailing wages to all laborers and mechanics, and that laborers have been paid on a weekly basis, as required by federal law. Additionally, the Department electing to pay its contractors up to 30 days after construction work has been performed is not effective to prevent contractor noncompliance with submitting certified payrolls on a weekly basis, as required.
The Construction Manual, Section 1-07.9(5) Required Documents, states that certified payroll must be submitted to the Project Engineer through PWIA for each contractor, subcontractor, and each lower tier subcontractor performing work on the project, and that the PWIA system will be used to track requests made for missing certified payrolls. Therefore, we noted in our audit finding the instances when the Department’s Project Engineers failed to request overdue certified payrolls from contractors in PWIA, as that is the official system of record required to be used by the Department.
We reaffirm our audit finding and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 29 CFR Part 5, Labor Standards Provisions Applicable to Contract Covering Federally Financed and Assisted Constructed (Also Labor Standards Provisions Applicable to Nonconstruction Contracts Subject to the Contract Work Hours and Safety Standard Act), section 5, Contract provisions and related matters, establishes the requirements for including prevailing wage clauses in federal-aid contracts, payment withholding, and required documents.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Federal Highway Administration Davis-Bacon and Related Acts Questions and Answers, section 56, states that contracting agencies are responsible for properly applying and enforcing prevailing wage requirements in covered contracts including:
a) Verifying that covered contracts have incorporated the required Davis-Bacon clauses and the applicable wage determination(s);
b) Verifying that the Davis-Bacon notice and the applicable wage determination(s) are displayed at the site of the work in a conspicuous location in clear view of everyone;
c) Reviewing certified payrolls in a timely manner;
d) Conducting employee interviews;
e) Conducting reviews and investigations of covered contracts in conjunction with FHWA as appropriate;
f) Forwarding refusal to pay and/or debarment consideration cases to the USDOL Wage and Hour Division for appropriate action; and
g) Submitting enforcement reports and semi-annual enforcement reports to the USDOL Wage and Hour Division.
The Washington State Department of Transportation’s Construction Manual M41-01.41, December 2022 edition, section 1-07.9, Wages, states in part:
Federal Prevailing Wage
Enforcement of Federal Prevailing Wage Provisions
In addition to the requirements of Standard Specifications Section 1-07.9, all Contracts financed with Federal funding includes the Required Contract Provisions for Federal-Aid Construction Contracts (FHWA-1273). These provisions identify Federal wage requirements. The Federal prevailing wage requirements included in these provisions are also commonly referred to as Davis Bacon and Related Acts (DBRA). It is the Project Engineer’s responsibility to monitor and enforce these provisions to the degree necessary to ensure full compliance. In order to comply with these requirements, the Contractor must:
Submit weekly certified payrolls to the Project Engineer through LNI’s Prevailing Wage Intents and Affidavits (PWIA) system.
Ensure each Subcontractor, and each agent or lower-tier subcontractor submits weekly certified payrolls to the Project Engineer through PWIA.
SS1-07.9(5) Required Documents
Statement of Intent
Every Contractor, Subcontractor, agent, or lower tier subcontractor performing work on a public works contract must submit a Statement of Intent to Pay Prevailing Wages to LNI for approval. Separate Intents are required for each Request to Sublet submitted on the project. Hiring Contractors are required to file an Intent if they hire a lower tier subcontractor subject to prevailing wages.
Certified payroll must be submitted to the Project Engineer through PWIA for each Contractor, Subcontractor, and each lower tier subcontractor performing work on the project, regardless of funding source or delivery method. Certified payrolls are required from the time each Firm begins performing Contract work until the time the Affidavit is visible in PWIA, or until the Contractor has identified their last certified payroll has been submitted.
A tracking sheet is required to document when Project Office staff verify that certified payrolls are received through PWIA. The frequency of verification depends on the funding source of the project. Weekly verification is required for federally funded projects, while monthly verification is required for state funded contracts. The tracking sheet needs to indicate that all active Contracts have been checked for late or missing certified payrolls. PWIA will be used to track requests made for missing certified payrolls. A separate tracking sheet may be used to track which certified payrolls have been verified for each project.
Federally funded projects require weekly submittals. Further review of the payroll will be required to ensure the Federal prevailed wage rate is met using the Wage Determination included in the Contract Special Provisions.
Federally funded Contracts:
• Weekly submittals
• No leniency on late submittals
• Required for every week, whether work was performed or not
• Enforcement of all Federal requirements will remain WSDOT responsibility
Federally funded projects require weekly submittal of certified payrolls. If the Contractor is unable to submit their payroll electronically using PWIA, they must submit the certified payrolls directly to the Project Office.
Non-compliance or non-submittal could result in the Project Engineer withholding an appropriate portion of payment (see Section SS 1-09.9).
The Washington State Department of Transportation’s Construction Manual M41-01.41, December 2022 edition, section 1-09, Measurement and Payment, subsection 9, Payments, states in part:
Withholding of Payments
Withholding payments for the work the Contractor has performed and completed in accordance with the contract should not be done casually. There must be clear contract language supporting the action. The authority to withhold progress payments is subdelegated to the Regions. Further delegation to the Project Engineers is at the discretion of each Region.
Delinquent Contractor Submittals
Missing submittals is a principal source of delays in closing out the project and processing the final estimate. As the project proceeds toward completion, the Project Engineer and the Contractor should attempt to obtain all submittals as the need arises. These might include such things as materials certificates, certified payrolls, extension of time requests, or any other item or document that delay processing the final estimate.
2023-014 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with quality assurance program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed testing for projects funded by the Highway Planning and Construction Cluster.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction Program
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Quality Assurance Program
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-011
Background
The Washington State Department of Transportation receives federal funding under the Highway Planning and Construction Program for highway construction projects throughout the state. Some of these projects are awarded to contractors who perform the work on behalf of the Department. The Department spent about $706 million in federal Highway Planning and Construction program funds during fiscal year 2023. Of that amount, it spent more than $343 million on state-administered construction projects.
Federal regulations require that the Department have a quality assurance (QA) program, approved by the Federal Highway Administration (FHWA), for construction projects on the National Highway System to ensure that materials and workmanship conform to approved plans and specifications. Verification sampling must be performed by qualified testing personnel employed by the Department or its designated agent, excluding the contractor.
The Department’s QA program requirements are outlined in the Construction Manual, which is approved by the FHWA. This manual documents how materials are tested for acceptance before being incorporated into construction projects. Materials can be accepted in various ways, such as sample testing, a visual inspection documented by the Field Note Record or Inspector’s Daily Report, or a certification of compliance from the manufacturer. If a materials test is required, the Department must ensure that only qualified people perform the testing, including independent testers, consultants or certified Department employees.
To ensure that materials incorporated into a project meet approved plans and specifications, the Department prepares a list of prescribed materials to be used on the project. The Department uploads this list to a program called the Record of Materials (ROM). The ROM sets forth the materials and quantities that are expected to be used on the project, and it documents the proper acceptance criteria, including any test(s) personnel are required to perform on a material. Once created, Project Engineers responsible for managing the construction project update the ROM to indicate the type and quantity of materials incorporated into the project so management can ensure the materials test(s) that are required for acceptance have occurred.
To ensure that only qualified people perform the testing, testers must pass a certification exam, which consists of a written and performance exam. After passing both, the testers are entered into the Qualified Tester Database and are certified for five years, after which they must recertify by passing both exams again. There are two different types of tester qualifications: module and method. Module testers are proficient in multiple method tests that can encompass all method tests for a particular material, whereas method testers may only be proficient in particular tests for any given material.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with QA program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed materials testing for projects funded by the Highway Planning and Construction Cluster. The prior finding numbers were 2022-011, 2021-011, 2020-017 and 2019-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with QA program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed testing for projects funded by the Highway Planning and Construction Cluster.
We used a statistically valid sampling method to randomly select 58 out of 1,991 materials that were used on federally funded projects during state fiscal year 2023.
Materials acceptance testing did not conform to Standard Specifications and the Construction Manual
For the 58 randomly selected materials, we requested supporting documentation for acceptance and/or testing of the material. We found:
• Three materials (5 percent) where testing did not occur, or the Department was unable to provide documentation justifying the item did not require testing.
• Two additional materials (3 percent) where the Department did not provide adequate supporting documentation to demonstrate the materials we selected were properly tested, according to the Standard Specifications. One of these materials did not meet the minimum acceptance criteria outlined in the Standard Specifications, and the Department paid the contractor for the material used on the project.
Testing personnel were not properly certified
We reviewed documentation to verify whether the testers performing sampling activities for the Department had all required documents to support their certification. We found:
• Four instances (7 percent) where the tester was missing a required exam for certification
• Three instances (5 percent) where the Department was unable to provide documentation to support that the tester met certification requirements. All three instances correspond to materials for which the Department could produce no records demonstrating the items were tested for acceptance.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Materials acceptance testing did not conform to Standard Specifications and the Construction Manual
Management did not adequately monitor project offices to ensure required materials testing and acceptance occurred in accordance with the Construction Manual.
Testing personnel were not properly certified
Project Engineers did not ensure tester qualifications were current, and management did not ensure that only qualified testers performed materials testing and acceptance on behalf of the Department.
Effect of Condition
By not adequately monitoring project materials to ensure they conform to approved plans and specifications, the Department does not have reasonable assurance that materials incorporated into projects conform to standard specifications and the Construction Manual.
By not properly verifying and documenting the testers’ qualifications, the Department risks improper materials testing. This could result in the Department using materials that may not conform to approved plans and specifications.
Recommendations
We recommend the Department:
• Improve internal controls, and monitor project offices, to ensure that required sampling activities occur, as required, and permanently incorporated materials conform to standard specifications for all federal aid construction projects
• Strengthen internal controls to ensure testers have completed all required exams—and that they have proper documentation of passing these exams—before performing sampling activities
Continue to review all testers to ensure they meet the minimum requirements for certification
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office (SAO) audit of the Federal Highway Program and the federally required Quality Assurance (QA) program. The Department is committed to ensuring our programs continue to comply with federal regulations and recognizes that there are always opportunities for improvement to its QA program.
The Department is working towards replacement of its ROM legacy system; therefore, it was not practical to modify this system to help correct issues reported in a similar finding in the FY 2022 Single Audit. Instead, the Department eliminated its practice requiring updates to the ROM within 30 days of payment and instead relies on the required documentation, as evidence of proper material acceptance. These changes were made during FY2023, which did not allow time to be fully reflected in the current year’s audit. In addition, in January 2023 WSDOT modified its practice related to how tester data is reviewed and entered into the tester certification tracking system, as a result of audit recommendations from the FY 2022 audit. All offices now funnel tester data to the Headquarters Quality Assurance Program for review and entry. These changes to practices were communicated to appropriate staff and are reflected in the Construction Manual, which was reviewed and approved by FHWA.
Materials Acceptance
The construction contracts awarded in FY23 utilizing federal funding contained more than 4,700 materials, with approximately 1,100 of them requiring testing. The State Auditor tested 58 materials of the approximately 1,100 requiring testing; however, through our review the Department found only 4 materials (6.8%) where we could not provide documentation to support that testing occurred or was not required.
Testing Personnel Certifications
The State Auditor reviewed documentation for whether the testers performing materials sampling activities for the Department had all required documents to support their certification and took exception to documentation provided. The Department did not provide certification documents for 2 of the testers responsible for 4 of the materials tests included in the audit.
The Department has worked closely with the Federal Highway Administration (FHWA) on our QA program and continues to receive feedback from them on the strength of our program. The Department will continue to put improvements in place for the QA program based on the SAO audit recommendations. These issues were discussed at the 2024 Material Assurance Training offered 3/20/2024, and we will continue to deliver other training to Project Engineering Offices to emphasize QA program requirements throughout the year.
Auditor’s Remarks
We thank the Department for its cooperation and assistance during the audit.
We maintain that there are five materials out of 58 (8.6 percent) examined during the audit that did not have adequate supporting documentation to demonstrate the materials met the minimum acceptance criteria according to the Department’s Construction Manual. We used a statistical sampling methodology for this test and therefore expect the error rate of 8.6 percent to be representative of the entire population of 1,100 materials.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 23 U.S. Code of Federal Regulations (CFR) Part 637, Construction Inspection and Approval establishes the following applicable requirements:
Section 637.201 Purpose
To prescribe policies, procedures, and guidelines to assure the quality of materials and construction in all Federal-aid highway projects on the National Highway System.
Section 637.205 Policy
a) Quality assurance program. Each STD shall develop a quality assurance program which will assure that the materials and workmanship incorporated into each Federal-aid highway construction project on the NHS are in conformity with the requirements of the approved plans and specifications, including approved changes. The program must meet criteria in (Section 637.207) and be approved by the FHWA.
b) STD capabilities. The STD shall maintain an adequate, qualified staff to administer the quality assurance program. The State shall also maintain a central laboratory. The State’s central laboratory shall meet requirements in (Section 637.209(a)(2)).
c) Verification sampling and testing. The verification sampling and testing are to be performed by qualified testing personnel employed by the STD or its designated agent, excluding the contractor and vendor.
d) Random samples. All samples used for quality control and verification sampling and testing shall be random samples.
Section 637.207 Quality assurance program
a. Each STD’s quality assurance program shall provide for an acceptance program and an independent assurance (IA) program consisting of the following:
1. Acceptance program.
i. Each STD’s acceptance program shall consist of the following:
A. Frequency guide schedules for verification sampling and testing which will give general guidance to personnel responsible for the program and allow adaptation to specific project conditions and needs.
B. Identification of the specific location in the construction or production operation at which verification sampling and testing is to be accomplished.
C. Identification of the specific attributes to be inspected which reflect the quality of the finished product.
ii. Quality control sampling and testing results may be used as part of the acceptance decision provided that:
A. Frequency guide schedules for verification sampling and testing which will give general guidance to personnel responsible for the program and allow adaptation to specific project conditions and needs.
B. Identification of the specific location in the construction or production operation at which verification sampling and testing is to be accomplished.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Department of Transportation’s Construction Manual (M41-01), Chapter 9: Materials, states in part:
9-1 General
The quality of materials used on the project will be evaluated and accepted in various ways, whether by testing of samples, visual inspection, or certification of compliance. This chapter details the manner in which these materials can be accepted. Requirements for materials are described in Standard Specifications for Road, Bridge, and Municipal Construction M 41-10 Section 1-06 and Division 9.
It is the Project Engineer’s responsibility to accept materials in accordance with this chapter. For materials tests that do not meet specification requirements, the Project Engineer shall contact the State Construction Office which will coordinate with the State Materials Engineer or Assistant State Materials Engineer to determine the appropriate action.
9-1.2C Record of Materials
The Record of Materials (ROM) is used to track material type, make/model, approval, acceptance, field verification documentation, Certificate of Materials Origin, and other materials documentation.
The Project Office utilizes the ROM program to track all permanently incorporated materials that are placed in on the Contract. Temporary materials are also tracked in the ROM when the contract documents contain temporary material requirements. The Project Engineer is responsible for the accuracy of the ROM, other documentation methods used, and Certification of Materials. Acceptance requirements shown in the ROM can be modified by referencing the properly submitted QPL page or the approved Request for Approval of Materials. Reviewing the contract plans and provisions may identify additional materials documentation requirements as well as construction items that shall be added to the ROM and tracked for completion throughout the course of the project work.
In order to ensure clarity upon completion of the work and to allow for easy certification of the project by both the Project Engineer and the Region, the ROM needs to be maintained throughout the course of the project. “Maintained” and “maintain” means the ROM is updated to reflect materials placed within 30 calendar days of the material payment. This includes material type, make/model, approval, acceptance, field verification documentation, Certificate of Materials Origin and other materials documentation. For materials used in the Contract, the Project Office is required to maintain the Status Work Completed (WC)/Documentation Complete (DC) / Not Used (NU) fields in the ROM.
The Project Office is required to maintain quantities paid, quantities placed, quantities field verified for materials that have sampling frequencies, WSDOT Fabrications Inspection items, where the Acceptance Criteria requires quantities such as Manufacturer Certificate of Compliance, or when quantities are noted in the initial materials and acceptance criteria. 9-5.3 WAQTC Testing Technician Qualification Program
The Region Independent Assurance Inspectors are responsible for maintaining the Tester Qualification database information for their Region WAQTC Testers as well as maintaining the WAQTC internal certifications and records (physical and digital).
9-5.4 Method Qualified Tester Program
The Region Independent Assurance Inspectors are responsible for maintaining the Tester Qualification database information for their Region Method Testers as well as maintaining the Method internal certifications and records (physical and digital).
2023-012 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Washington State Department of Transportation’s Local Programs Office administers Highway Planning and Construction Program funding to local agencies throughout the state for highway construction projects. The Department spent about $603 million on highway projects during fiscal year 2023. Of that amount, it passed through about $331 million to local agencies through subawards for 378 new and existing projects across the state.
Pass-through entities are required to monitor the activities of their subrecipients to ensure they are properly using federal funds. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
For the subawards made during fiscal year 2023, Department management delegated the responsibility to complete risk assessments for individual projects to the Local Programs Engineers who were assigned to the regional office that oversees the project. When the Department prepares to monitor or review a subrecipient, it selects an open and active project and evaluates the subrecipient based on its performance under that project.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program.
We randomly selected and examined 55 of the 378 projects awarded funding during the audit period to determine if the Department performed a risk assessment of each project to determine the appropriate level of monitoring required for the subrecipient. We found the Department did not complete risk assessments for 17 of the 55 projects (30 percent). These risk assessments were signed and dated by Department staff after the audit period had ended. In addition, we found that 13 of the 17 assessments were not signed until after our Office requested them.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management did not ensure the Local Programs Engineers performed the risk assessments for each subrecipient project awarded program funds.
Effect of Condition
Not performing risk assessments makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the grant’s terms and conditions. Without verifying the Local Programs Engineers completed risk assessments for each awarded project, the Department cannot ensure it is performing risk assessments consistently and using the proper criteria to determine the appropriate amount of monitoring required for each subrecipient project.
Recommendations
We recommend the Department:
• Ensure it properly performs and documents the required risk assessments, which would allow management to evaluate the results and demonstrate compliance with federal requirements
• Improve its monitoring of regional Local Programs Engineers to ensure they complete risk assessments for each program-funded project
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Highway Planning and Construction program. WSDOT is committed to ensuring our programs comply with federal regulations.
Risks assessments for subrecipients in this FHWA grant program are the responsibility of WSDOT’s Regional Local Programs Engineers, located in the six WSDOT Regions. While every attempt is made to complete a risk assessment at each phase of a project, staff turnover contributed to the lack of consistency and timeliness in completing these assessments. To help ensure consistency, the Department has updated position descriptions for Local Programs Engineers to reflect this requirement.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, section 332, Requirements for pass-through entities, establishes requirements for pass-through entities to evaluate each subrecipients’ risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate level of subrecipient monitoring.
Title 2 CFR Part 200, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-013 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
20.205 COVID-19 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Wage Rate Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Washington State Department of Transportation receives federal funding under the Highway Planning and Construction Program for highway construction projects throughout the state. Some of these projects are awarded to contractors who perform the work on behalf of the Department. The Department spent about $706 million in federal Highway Planning and Construction program funds during fiscal year 2023. Of that amount, it spent more than $343 million on state-administered construction projects.
All laborers and mechanics employed by contractors or subcontractors to work on construction contracts exceeding $2,000 financed by federal assistance funds must be paid wages that are no less than those established for the locality of the project (prevailing wage rates) by the Department of Labor. All contractors and subcontractors are required to submit a copy of their payroll and a statement of compliance (certified payrolls) on a weekly basis, for each week in which any applicable contract work is performed. The Department’s construction projects typically involve both a prime contractor and subcontractors to complete work on the project.
The Department requires field inspectors to be onsite during construction work to ensure projects are completed in accordance with contract specifications. For every day of the week when contract work is performed, the inspector completes an Inspector Daily Report (IDR) and documents if there was any labor or mechanical work performed on that day. The IDRs are submitted to the Project Engineer, Project Manager, or Chief Inspector overseeing construction, who then reviews them to determine if any contractors must submit certified payrolls for that work week. Project Engineers are also required to document which contractors are required to submit certified payrolls each week by using a tracking report and maintaining it to identify all certified payrolls received from contractors and ensure they are documented and verified.
The Department publishes the Standard Specifications for Road, Bridge, and Municipal Construction (Standard Specifications), in addition to the Construction Manual (M.41-01.41), which applies to its construction contracts, and is approved by the U.S. Federal Highway Administration of the Department of Transportation. These specifications require contractors to submit certified payrolls to the Department on a weekly basis for each weekly payroll period. The Standard Specifications further stipulate that contractors must use the Washington State Department of Labor and Industries Prevailing Wage Intents and Affidavit System (PWIA) to submit weekly certified payrolls on federal projects. The Department’s Project Engineers are required to verify that contractor’s certified payrolls are submitted on a weekly basis in PWIA. If the contractor’s certifications are not submitted in a timely manner, the specifications allow the Department to withhold payment from contractors and enact other sanctions as necessary.
The Construction Manual also requires contractors to submit a Request to Sublet to gain authorization to use a subcontractor on a project.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the program.
We found that the Department’s internal controls were not adequate to ensure all contractors and subcontractors submitted certified payrolls on a weekly basis, as required by federal law and the Standard Specifications.
We used a statistical sampling method and randomly selected 58 out of a total 3,931 of weeks in which contract work was performed on federally funded construction projects, to determine whether the Department received certified payrolls from the prime contractor and all subcontractors performing work on the project on a weekly basis, as required by federal law. We identified all 58 weeks required a total of 245 certified payrolls to be submitted to the Department.
Collecting certified payrolls
The Department did not collect all certified payrolls from the prime contractor and subcontractors on a weekly basis for 48 of the 58 weeks we examined (83 percent). For 45 of those weeks, we determined the Project Engineer did not notify the contractor in PWIA to submit the required payrolls. The Department provided no documentation demonstrating it withheld payments from or imposed additional sanctions upon prime contractors with late or overdue certified payrolls.
Of the 245 total certified payrolls submitted, 153 (62 percent) were not submitted within seven days (or one week) of the payroll week ending date, as required. On average, these payrolls were 23 days late, and 25 payrolls were more than 30 days late. For each of the 48 weeks, between one and 13 certified payrolls were submitted late. The Department requested overdue payrolls from contractors for 13 of those weeks.
We also found 12 weeks where the Project Engineer failed to document that certified payrolls were due for contractors that later submitted them in PWIA.
Internal controls and review of certified payrolls
We found that five of the 58 (9 percent) selected weeks were for projects that did not have an approved Request to Sublet form for all subcontractors on the project, as required by Department policy.
We also found that for 57 weeks, the Project Engineer assigned to oversee the project did not document that all required certified payrolls were received from contractors, as required by Department policy.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management did not adequately monitor to ensure compliance with federal requirements. While the Department’s Construction Manual and Standard Specifications have documented policies and procedures in place for Project Engineers and regional offices to follow to track certified payrolls, follow-up on late submissions, and issue sanctions, Project Engineers did not consistently follow these policies in monitoring contractors for compliance.
In addition, the Department’s Construction Manual does not specify how Project Engineers must document certified payrolls due for construction projects, and management does not have a standardized form for Project Engineers to use for tracking certified payrolls. Management did not adequately monitor Project Engineers to ensure they followed the standards outlined in the Construction Manual.
Effect of Condition
When the Department does not collect all certified payrolls timely, it cannot ensure that laborers working on federally funded construction contracts are paid the applicable prevailing wages, as required by law.
In addition, by not collecting certified payrolls on a weekly basis, the Department is not in compliance with federal requirements, and may be subject to actions by the federal grantor.
Recommendations
We recommend the Department:
• Monitor project offices to ensure contractors are notified when they have not provided certified payrolls for a given week of contract work
• Improve internal controls to ensure project offices monitor the status of certified payrolls due from contractors on a weekly basis, contractors are made aware of delinquent payrolls, and consideration is given to assessing sanctions on noncompliant contractors in accordance with its Standard Specifications, such as withholding any or all payments, as necessary, when contractors do not submit required certified payrolls on a weekly basis
• Ensure certified payrolls are collected from prime contractors and all subcontractors on a weekly basis, in accordance with federal law and the Construction Manual
Department’s Response
The Washington State Department of Transportation appreciate the State Auditor’s Office (SAO) audit of the Federal Highway Administration’s (FHWA) Program. The Department is committed to ensuring our programs comply with federal regulations.
As WSDOT indicated in previous years for similar findings, the draft audit finding does not consider the nature of the contractual relationship between the contractor and WSDOT as the owner. The owner's compliance with the Davis-Bacon Act and regulations cited in the finding is determined by collective actions specified by regulations and not merely by how many payrolls are collected from the contractor within a 7-day window. WSDOT, in close consultation with the FHWA, has established contract administration processes with contingencies built in to address and correct for contractor noncompliance. In addition, WSDOT will not issue project Completion until all certified payrolls are collected (Standard Specifications 1-08.5.2, Time for Completion). FHWA guidance recommends actions to take if a contractor is habitually late in submitting payrolls but leaves it up to WSDOT to determine when sanctions should be imposed. WSDOT’s Standard Specifications (1-07.9(5)) on certified payrolls aligns with FHWA guidance. Sanctions are imposed as appropriate during the life of a contract.
In FHWA’s letter of April 25, 2019, in response to a similar finding for FY 2018, the grantor states “WSDOT’s process and policy concerning certified payrolls has been approved by FHWA through the approval of WSDOT’s Construction Manual and Standard Specifications. As part of FHWA’s approval FHWA agreed that these processes are reasonable and satisfy the intent of the Department of Labor’s certified payroll requirements, as FHWA understands them. FHWA believes that the procedures contain the necessary controls to ensure compliance with 29 CFR 5.5 and FHWA Davis-Bacon and Related Acts…”
In the July 6, 2020, response from FHWA on a similar finding for FY 2019, FHWA indicated “FHWA believes that WSDOT’s procedures contain the necessary controls to ensure reasonable compliance with 29 CFR 5.5 and FHWA Davis-Bacon and Related Acts Questions and Answers. FHWA considers this finding to be resolved.”
In this year’s audit, the State Auditor sampled 58 weeks and the required 245 certified payrolls for contract work performed on federally funded construction projects during that time period. WSDOT collected all of the required 245 certified payrolls. Of these payrolls 153 were received one or more days late, but of these only 28 were 30-days or more late and only 15 (6%) were 60-days or more late. This represents only 1 percent above the exception threshold typically allowed by the State Auditor. At 60-days, the Department has its first opportunity to initiate sanctions against the contractor. Of the 15 payrolls that were at least 60-days late, WSDOT deferred (withheld) 10 payments on 2 of the contracts. Sanctions prior to 60-days, are not feasible, as the contractors are paid monthly for the prior month’s work, and WSDOT has 30-days to process payments. The draft finding notes that for several weeks “the Project Engineers did not notify the contractor in PWIA to submit the required payrolls”, however, many notifications were provided via email for 5 of tested contracts, but these were not taken into account, as SAO indicated they did not use the “approved method.”
WSDOT is in the midst of delivering its largest and one of its most complex construction programs in our history, and is doing so with lower and less experienced staffing levels than it had to deliver past construction programs. We will continue to look for opportunities to improve our process as well as our documentation to demonstrate compliance with the Davis-Bacon Act requirements. In addition, we will continue consulting with FHWA for any further actions needed to resolve this finding.
Auditor’s Remarks
The U.S. Department of Labor establishes the Davis-Bacon Act and related requirements concerning federally-funded construction projects. Title 29 Code of Federal Regulations (CFR) Subpart A – Davis-Bacon and Related Acts Provisions and Procedures, Subsection 5.5, requires that the Department collect certified payrolls from its contractors. 5.5(a)(ii)(A) stipulates that contractors and/or subcontractors must submit payrolls weekly and for each week in which Davis-Bacon or Related Acts-covered work is performed. The Department enters into federal-aid construction contracts with its contractors and is therefore required to ensure compliance with these federal requirements for its projects.
Furthermore, the USDOL Wage and Hour Division’s Final Rule (effective October 23, 2023) concerning the Davis-Bacon and Related Acts Regulations, stipulates that “contractors and subcontractors are required to provide certified payrolls to the contracting agency to demonstrate their compliance with Davis-Bacon Act requirements on a weekly basis,” and that “the Department cannot allow contractors to pay required prevailing wages or submit certified payrolls on a basis less frequent than weekly.”
In its response, the Department states it has established contract administration processes with contingencies built in to address and correct for contractor noncompliance regarding missing and/or late certified weekly payrolls. However, the high rate of noncompliance identified in the audit indicates that these processes are not effective in ensuring that contractors submit the required certified payrolls weekly, as required by federal law and the Department's Construction Manual. Additionally, for each of the 48 weeks we identified in which contractors failed to submit certified payrolls timely, our Office requested from the Department evidence that it imposed sanctions upon the contractors, and the Department provided us with no such documentation.
The Department also states it is not feasible to impose sanctions upon contractors with habitually late payrolls before 60 days have passed from the week(s) of work ending due to its designed payment delivery method. Without ensuring its prime contractors have submitted certified payrolls for their employees and for all approved subcontractors performing work under the contract, the Department cannot ensure the contractor has paid prevailing wages to all laborers and mechanics, and that laborers have been paid on a weekly basis, as required by federal law. Additionally, the Department electing to pay its contractors up to 30 days after construction work has been performed is not effective to prevent contractor noncompliance with submitting certified payrolls on a weekly basis, as required.
The Construction Manual, Section 1-07.9(5) Required Documents, states that certified payroll must be submitted to the Project Engineer through PWIA for each contractor, subcontractor, and each lower tier subcontractor performing work on the project, and that the PWIA system will be used to track requests made for missing certified payrolls. Therefore, we noted in our audit finding the instances when the Department’s Project Engineers failed to request overdue certified payrolls from contractors in PWIA, as that is the official system of record required to be used by the Department.
We reaffirm our audit finding and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 29 CFR Part 5, Labor Standards Provisions Applicable to Contract Covering Federally Financed and Assisted Constructed (Also Labor Standards Provisions Applicable to Nonconstruction Contracts Subject to the Contract Work Hours and Safety Standard Act), section 5, Contract provisions and related matters, establishes the requirements for including prevailing wage clauses in federal-aid contracts, payment withholding, and required documents.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Federal Highway Administration Davis-Bacon and Related Acts Questions and Answers, section 56, states that contracting agencies are responsible for properly applying and enforcing prevailing wage requirements in covered contracts including:
a) Verifying that covered contracts have incorporated the required Davis-Bacon clauses and the applicable wage determination(s);
b) Verifying that the Davis-Bacon notice and the applicable wage determination(s) are displayed at the site of the work in a conspicuous location in clear view of everyone;
c) Reviewing certified payrolls in a timely manner;
d) Conducting employee interviews;
e) Conducting reviews and investigations of covered contracts in conjunction with FHWA as appropriate;
f) Forwarding refusal to pay and/or debarment consideration cases to the USDOL Wage and Hour Division for appropriate action; and
g) Submitting enforcement reports and semi-annual enforcement reports to the USDOL Wage and Hour Division.
The Washington State Department of Transportation’s Construction Manual M41-01.41, December 2022 edition, section 1-07.9, Wages, states in part:
Federal Prevailing Wage
Enforcement of Federal Prevailing Wage Provisions
In addition to the requirements of Standard Specifications Section 1-07.9, all Contracts financed with Federal funding includes the Required Contract Provisions for Federal-Aid Construction Contracts (FHWA-1273). These provisions identify Federal wage requirements. The Federal prevailing wage requirements included in these provisions are also commonly referred to as Davis Bacon and Related Acts (DBRA). It is the Project Engineer’s responsibility to monitor and enforce these provisions to the degree necessary to ensure full compliance. In order to comply with these requirements, the Contractor must:
Submit weekly certified payrolls to the Project Engineer through LNI’s Prevailing Wage Intents and Affidavits (PWIA) system.
Ensure each Subcontractor, and each agent or lower-tier subcontractor submits weekly certified payrolls to the Project Engineer through PWIA.
SS1-07.9(5) Required Documents
Statement of Intent
Every Contractor, Subcontractor, agent, or lower tier subcontractor performing work on a public works contract must submit a Statement of Intent to Pay Prevailing Wages to LNI for approval. Separate Intents are required for each Request to Sublet submitted on the project. Hiring Contractors are required to file an Intent if they hire a lower tier subcontractor subject to prevailing wages.
Certified payroll must be submitted to the Project Engineer through PWIA for each Contractor, Subcontractor, and each lower tier subcontractor performing work on the project, regardless of funding source or delivery method. Certified payrolls are required from the time each Firm begins performing Contract work until the time the Affidavit is visible in PWIA, or until the Contractor has identified their last certified payroll has been submitted.
A tracking sheet is required to document when Project Office staff verify that certified payrolls are received through PWIA. The frequency of verification depends on the funding source of the project. Weekly verification is required for federally funded projects, while monthly verification is required for state funded contracts. The tracking sheet needs to indicate that all active Contracts have been checked for late or missing certified payrolls. PWIA will be used to track requests made for missing certified payrolls. A separate tracking sheet may be used to track which certified payrolls have been verified for each project.
Federally funded projects require weekly submittals. Further review of the payroll will be required to ensure the Federal prevailed wage rate is met using the Wage Determination included in the Contract Special Provisions.
Federally funded Contracts:
• Weekly submittals
• No leniency on late submittals
• Required for every week, whether work was performed or not
• Enforcement of all Federal requirements will remain WSDOT responsibility
Federally funded projects require weekly submittal of certified payrolls. If the Contractor is unable to submit their payroll electronically using PWIA, they must submit the certified payrolls directly to the Project Office.
Non-compliance or non-submittal could result in the Project Engineer withholding an appropriate portion of payment (see Section SS 1-09.9).
The Washington State Department of Transportation’s Construction Manual M41-01.41, December 2022 edition, section 1-09, Measurement and Payment, subsection 9, Payments, states in part:
Withholding of Payments
Withholding payments for the work the Contractor has performed and completed in accordance with the contract should not be done casually. There must be clear contract language supporting the action. The authority to withhold progress payments is subdelegated to the Regions. Further delegation to the Project Engineers is at the discretion of each Region.
Delinquent Contractor Submittals
Missing submittals is a principal source of delays in closing out the project and processing the final estimate. As the project proceeds toward completion, the Project Engineer and the Contractor should attempt to obtain all submittals as the need arises. These might include such things as materials certificates, certified payrolls, extension of time requests, or any other item or document that delay processing the final estimate.
2023-014 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with quality assurance program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed testing for projects funded by the Highway Planning and Construction Cluster.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction Program
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Quality Assurance Program
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-011
Background
The Washington State Department of Transportation receives federal funding under the Highway Planning and Construction Program for highway construction projects throughout the state. Some of these projects are awarded to contractors who perform the work on behalf of the Department. The Department spent about $706 million in federal Highway Planning and Construction program funds during fiscal year 2023. Of that amount, it spent more than $343 million on state-administered construction projects.
Federal regulations require that the Department have a quality assurance (QA) program, approved by the Federal Highway Administration (FHWA), for construction projects on the National Highway System to ensure that materials and workmanship conform to approved plans and specifications. Verification sampling must be performed by qualified testing personnel employed by the Department or its designated agent, excluding the contractor.
The Department’s QA program requirements are outlined in the Construction Manual, which is approved by the FHWA. This manual documents how materials are tested for acceptance before being incorporated into construction projects. Materials can be accepted in various ways, such as sample testing, a visual inspection documented by the Field Note Record or Inspector’s Daily Report, or a certification of compliance from the manufacturer. If a materials test is required, the Department must ensure that only qualified people perform the testing, including independent testers, consultants or certified Department employees.
To ensure that materials incorporated into a project meet approved plans and specifications, the Department prepares a list of prescribed materials to be used on the project. The Department uploads this list to a program called the Record of Materials (ROM). The ROM sets forth the materials and quantities that are expected to be used on the project, and it documents the proper acceptance criteria, including any test(s) personnel are required to perform on a material. Once created, Project Engineers responsible for managing the construction project update the ROM to indicate the type and quantity of materials incorporated into the project so management can ensure the materials test(s) that are required for acceptance have occurred.
To ensure that only qualified people perform the testing, testers must pass a certification exam, which consists of a written and performance exam. After passing both, the testers are entered into the Qualified Tester Database and are certified for five years, after which they must recertify by passing both exams again. There are two different types of tester qualifications: module and method. Module testers are proficient in multiple method tests that can encompass all method tests for a particular material, whereas method testers may only be proficient in particular tests for any given material.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with QA program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed materials testing for projects funded by the Highway Planning and Construction Cluster. The prior finding numbers were 2022-011, 2021-011, 2020-017 and 2019-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with QA program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed testing for projects funded by the Highway Planning and Construction Cluster.
We used a statistically valid sampling method to randomly select 58 out of 1,991 materials that were used on federally funded projects during state fiscal year 2023.
Materials acceptance testing did not conform to Standard Specifications and the Construction Manual
For the 58 randomly selected materials, we requested supporting documentation for acceptance and/or testing of the material. We found:
• Three materials (5 percent) where testing did not occur, or the Department was unable to provide documentation justifying the item did not require testing.
• Two additional materials (3 percent) where the Department did not provide adequate supporting documentation to demonstrate the materials we selected were properly tested, according to the Standard Specifications. One of these materials did not meet the minimum acceptance criteria outlined in the Standard Specifications, and the Department paid the contractor for the material used on the project.
Testing personnel were not properly certified
We reviewed documentation to verify whether the testers performing sampling activities for the Department had all required documents to support their certification. We found:
• Four instances (7 percent) where the tester was missing a required exam for certification
• Three instances (5 percent) where the Department was unable to provide documentation to support that the tester met certification requirements. All three instances correspond to materials for which the Department could produce no records demonstrating the items were tested for acceptance.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Materials acceptance testing did not conform to Standard Specifications and the Construction Manual
Management did not adequately monitor project offices to ensure required materials testing and acceptance occurred in accordance with the Construction Manual.
Testing personnel were not properly certified
Project Engineers did not ensure tester qualifications were current, and management did not ensure that only qualified testers performed materials testing and acceptance on behalf of the Department.
Effect of Condition
By not adequately monitoring project materials to ensure they conform to approved plans and specifications, the Department does not have reasonable assurance that materials incorporated into projects conform to standard specifications and the Construction Manual.
By not properly verifying and documenting the testers’ qualifications, the Department risks improper materials testing. This could result in the Department using materials that may not conform to approved plans and specifications.
Recommendations
We recommend the Department:
• Improve internal controls, and monitor project offices, to ensure that required sampling activities occur, as required, and permanently incorporated materials conform to standard specifications for all federal aid construction projects
• Strengthen internal controls to ensure testers have completed all required exams—and that they have proper documentation of passing these exams—before performing sampling activities
Continue to review all testers to ensure they meet the minimum requirements for certification
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office (SAO) audit of the Federal Highway Program and the federally required Quality Assurance (QA) program. The Department is committed to ensuring our programs continue to comply with federal regulations and recognizes that there are always opportunities for improvement to its QA program.
The Department is working towards replacement of its ROM legacy system; therefore, it was not practical to modify this system to help correct issues reported in a similar finding in the FY 2022 Single Audit. Instead, the Department eliminated its practice requiring updates to the ROM within 30 days of payment and instead relies on the required documentation, as evidence of proper material acceptance. These changes were made during FY2023, which did not allow time to be fully reflected in the current year’s audit. In addition, in January 2023 WSDOT modified its practice related to how tester data is reviewed and entered into the tester certification tracking system, as a result of audit recommendations from the FY 2022 audit. All offices now funnel tester data to the Headquarters Quality Assurance Program for review and entry. These changes to practices were communicated to appropriate staff and are reflected in the Construction Manual, which was reviewed and approved by FHWA.
Materials Acceptance
The construction contracts awarded in FY23 utilizing federal funding contained more than 4,700 materials, with approximately 1,100 of them requiring testing. The State Auditor tested 58 materials of the approximately 1,100 requiring testing; however, through our review the Department found only 4 materials (6.8%) where we could not provide documentation to support that testing occurred or was not required.
Testing Personnel Certifications
The State Auditor reviewed documentation for whether the testers performing materials sampling activities for the Department had all required documents to support their certification and took exception to documentation provided. The Department did not provide certification documents for 2 of the testers responsible for 4 of the materials tests included in the audit.
The Department has worked closely with the Federal Highway Administration (FHWA) on our QA program and continues to receive feedback from them on the strength of our program. The Department will continue to put improvements in place for the QA program based on the SAO audit recommendations. These issues were discussed at the 2024 Material Assurance Training offered 3/20/2024, and we will continue to deliver other training to Project Engineering Offices to emphasize QA program requirements throughout the year.
Auditor’s Remarks
We thank the Department for its cooperation and assistance during the audit.
We maintain that there are five materials out of 58 (8.6 percent) examined during the audit that did not have adequate supporting documentation to demonstrate the materials met the minimum acceptance criteria according to the Department’s Construction Manual. We used a statistical sampling methodology for this test and therefore expect the error rate of 8.6 percent to be representative of the entire population of 1,100 materials.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 23 U.S. Code of Federal Regulations (CFR) Part 637, Construction Inspection and Approval establishes the following applicable requirements:
Section 637.201 Purpose
To prescribe policies, procedures, and guidelines to assure the quality of materials and construction in all Federal-aid highway projects on the National Highway System.
Section 637.205 Policy
a) Quality assurance program. Each STD shall develop a quality assurance program which will assure that the materials and workmanship incorporated into each Federal-aid highway construction project on the NHS are in conformity with the requirements of the approved plans and specifications, including approved changes. The program must meet criteria in (Section 637.207) and be approved by the FHWA.
b) STD capabilities. The STD shall maintain an adequate, qualified staff to administer the quality assurance program. The State shall also maintain a central laboratory. The State’s central laboratory shall meet requirements in (Section 637.209(a)(2)).
c) Verification sampling and testing. The verification sampling and testing are to be performed by qualified testing personnel employed by the STD or its designated agent, excluding the contractor and vendor.
d) Random samples. All samples used for quality control and verification sampling and testing shall be random samples.
Section 637.207 Quality assurance program
a. Each STD’s quality assurance program shall provide for an acceptance program and an independent assurance (IA) program consisting of the following:
1. Acceptance program.
i. Each STD’s acceptance program shall consist of the following:
A. Frequency guide schedules for verification sampling and testing which will give general guidance to personnel responsible for the program and allow adaptation to specific project conditions and needs.
B. Identification of the specific location in the construction or production operation at which verification sampling and testing is to be accomplished.
C. Identification of the specific attributes to be inspected which reflect the quality of the finished product.
ii. Quality control sampling and testing results may be used as part of the acceptance decision provided that:
A. Frequency guide schedules for verification sampling and testing which will give general guidance to personnel responsible for the program and allow adaptation to specific project conditions and needs.
B. Identification of the specific location in the construction or production operation at which verification sampling and testing is to be accomplished.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Department of Transportation’s Construction Manual (M41-01), Chapter 9: Materials, states in part:
9-1 General
The quality of materials used on the project will be evaluated and accepted in various ways, whether by testing of samples, visual inspection, or certification of compliance. This chapter details the manner in which these materials can be accepted. Requirements for materials are described in Standard Specifications for Road, Bridge, and Municipal Construction M 41-10 Section 1-06 and Division 9.
It is the Project Engineer’s responsibility to accept materials in accordance with this chapter. For materials tests that do not meet specification requirements, the Project Engineer shall contact the State Construction Office which will coordinate with the State Materials Engineer or Assistant State Materials Engineer to determine the appropriate action.
9-1.2C Record of Materials
The Record of Materials (ROM) is used to track material type, make/model, approval, acceptance, field verification documentation, Certificate of Materials Origin, and other materials documentation.
The Project Office utilizes the ROM program to track all permanently incorporated materials that are placed in on the Contract. Temporary materials are also tracked in the ROM when the contract documents contain temporary material requirements. The Project Engineer is responsible for the accuracy of the ROM, other documentation methods used, and Certification of Materials. Acceptance requirements shown in the ROM can be modified by referencing the properly submitted QPL page or the approved Request for Approval of Materials. Reviewing the contract plans and provisions may identify additional materials documentation requirements as well as construction items that shall be added to the ROM and tracked for completion throughout the course of the project work.
In order to ensure clarity upon completion of the work and to allow for easy certification of the project by both the Project Engineer and the Region, the ROM needs to be maintained throughout the course of the project. “Maintained” and “maintain” means the ROM is updated to reflect materials placed within 30 calendar days of the material payment. This includes material type, make/model, approval, acceptance, field verification documentation, Certificate of Materials Origin and other materials documentation. For materials used in the Contract, the Project Office is required to maintain the Status Work Completed (WC)/Documentation Complete (DC) / Not Used (NU) fields in the ROM.
The Project Office is required to maintain quantities paid, quantities placed, quantities field verified for materials that have sampling frequencies, WSDOT Fabrications Inspection items, where the Acceptance Criteria requires quantities such as Manufacturer Certificate of Compliance, or when quantities are noted in the initial materials and acceptance criteria. 9-5.3 WAQTC Testing Technician Qualification Program
The Region Independent Assurance Inspectors are responsible for maintaining the Tester Qualification database information for their Region WAQTC Testers as well as maintaining the WAQTC internal certifications and records (physical and digital).
9-5.4 Method Qualified Tester Program
The Region Independent Assurance Inspectors are responsible for maintaining the Tester Qualification database information for their Region Method Testers as well as maintaining the Method internal certifications and records (physical and digital).
2023-015 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with cash management requirements for the Formula Grants for Rural Areas program.
Assistance Listing Number and Title: 20.509 Formula Grants for Rural Areas
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: WA-2019-091-01; WA-2020-038-01;
WA-2021-052-01; WA-2021-130-01;
WA-2021-133-01; WA-2022-031-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Cash Management
Known Questioned Cost Amount: $41,555
Prior Year Audit Finding: No
Background
The Washington State Department of Transportation administers the Section 5311 program— Formula Grants for Rural Areas—to rural transportation areas by providing financial assistance for operating, planning, administrative expenses, and the acquisition, construction, and improvement of facilities and equipment. In addition, Section 5311 specifically provides for the support of rural intercity bus services, as well as funding for training, technical assistance, research, and related services to support the rural transit service. The Department spent about $80.3 million in program funds during fiscal year 2023. Of that amount, it passed through about $35.2 million to subrecipients through subawards.
The Formula Grants for Rural Areas program is not subject to the Cash Management Improvement Act, and is not included in the Treasury-State Agreement for Washington. Programs not covered by a Treasury-State Agreement are subject to the provisions of Title 31 of the U.S. Code of Federal Regulations, Part 205, Subpart B, which specifies how funds transfers from the federal government must be processed. The Department requests monthly federal reimbursements for operating expenses and disbursements to subrecipients.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with cash management requirements for the Formula Grants for Rural Areas program.
We used a non-statistical sampling method to randomly select and examine 17 draws of program funds out of a total population of 128. We also selected six large draws that were individually significant. During our review, we found that one draw in the amount of $41,555 was made for an incorrect program. Management reviewed, verified, and approved this draw, but the Department did not detect that funds were drawn for the incorrect program during the audit period. We consider these questioned costs.
Additionally, we found that two of the six individually significant draws were not made timely. One draw for $6.3 million was made in June 2023 for expenditures the Department incurred and paid in fiscal year 2021. Similarly, another draw for $9 million was made in April 2023 for expenditures the Department incurred and paid for in fiscal year 2022. Based on the length of time it took to perform the associated draws, we determined that the Department did not comply with federal requirements to minimize the time between the drawdown of federal funds and their disbursement for federal program purposes. Therefore, the Department’s controls did not ensure timely draws in compliance with federal regulations.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management review was insufficient for ensuring that program funds were drawn only for allowable program expenditures. Additionally, management did not ensure that draws were performed timely in accordance with federal regulations and said this was due to difficulties in reconciling expenditure accruals to the payment system.
Effect of Condition and Questioned Costs
Drawing funds for the incorrect federal program can potentially result in uncollected funds in one program and overdrawing another. Further, delaying federal drawdown requests results in state funds being advanced longer than necessary and lost interest revenue for the state. The table below summarizes the questioned costs our audit identified.
Projection to population Likely Questioned Costs (Estimate)
Known Questioned Costs $41,555
Federal expenditures $298,218
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR §200.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve its internal controls to ensure reimbursement requests are for the correct federal award
• Ensure draws of federal program funds are performed in a timely manner
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office (SAO) audit of the Formula Grants for Rural Areas Program. The Department is committed to ensuring our programs comply with federal regulations related to Cash Management.
WSDOT has implemented additional controls to help ensure the draws of program funds are accurate, drawn on the correct program, and timely. The updated procedures include: Identifying back up staff to ensure coverage during regular staff absences; Change in the timing of draws of program funds; Use of automatic ECHO system confirmations for draws entered; Additional reviews of draw amounts by project, and a Validation process with the WSDOT program staff. In addition, the questioned costs have been refunded to the incorrectly charged federal program.
In an effort to ensure increased compliance, these procedures will be reviewed regularly and updated as required.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 205.33, How are funds transfers processed?, states in part:
a. A State must minimize the time between the drawdown of Federal funds from the Federal government and their disbursement for Federal program purposes. A Federal Program Agency must limit a funds transfer to a State to the minimum amounts needed by the State and must time the disbursement to be in accord with the actual, immediate cash requirements of the State in carrying out a Federal assistance program or project. The timing and amount of funds transfers must be as close as is administratively feasible to a State’s actual cash outlay for direct program costs and the proportionate share of any allowable indirect costs. States should exercise sound cash management in funds transfers to subgrantees in accordance with OMB Circular A–102 (For availability, see 5 CFR 1310.3.).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-016 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with subrecipient monitoring requirements for the Formula Grants for Rural Areas program.
Assistance Listing Number and Title: 20.509 Formula Grants for Rural Areas
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: WA-2019-091-01; WA-2020-038-01; WA-2021-052-01; WA-2021-130-01; WA-2021-133-01; WA-2022-031-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Washington State Department of Transportation administers the Section 5311 program— Formula Grants for Rural Areas—to rural transportation areas by providing financial assistance for operating, planning, administrative expenses, and the acquisition, construction, and improvement of facilities and equipment. In addition, Section 5311 specifically provides for the support of rural intercity bus services, as well as funding for training, technical assistance, research, and related services to support the rural transit service. The Department spent about $80.3 million in program funds during fiscal year 2023. Of that amount, it passed through about $35.2 million to subrecipients through subawards.
When passing federal funds through to subrecipients, federal regulations require the Department to monitor them based on a risk assessment to ensure:
• Federal funds are used for authorized purposes in compliance with federal statutes, regulations, and the terms and conditions of the subaward.
• Subaward performance goals are achieved.
• The subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award, when applicable.
The Department’s subrecipient monitoring activities include virtual and physical site visits for various types of reviews based on risk assessments performed on a biennial basis, including:
• Financial reviews
• Administrative policy reviews
• Drug and alcohol compliance reviews
• Capital (equipment) reviews
According to the Department’s Consolidated Grant Guidebook, which outlines general grant terms and conditions, the Department conducts biennial risk assessments to evaluate each subrecipient’s risk of noncompliance with grant requirements. The Department then determines the frequency of site visits for each subrecipient based on risk level, and schedules them accordingly.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with subrecipient monitoring requirements for the Formula Grants for Rural Areas program.
We used a nonstatistical sampling method to randomly select and examine 12 site visits out of a total population of 65 to verify if the Department appropriately monitored its subrecipients. We found the Department did not perform two site visits during the audit period (17 percent). We also reviewed the Department’s site visit tracker and found three additional site visits that were not performed at the time of our audit. Additionally, we found that 10 other site visits were not completed by the Department’s scheduled due date (20 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department’s use of a tracker to schedule and complete site visits timely was insufficient to ensure that it appropriately monitored subrecipients in accordance with federal regulations. In addition, the Department’s policies and procedures did not specify when site visits must be conducted for subrecipients based on their assessed risk score or risk level. Accordingly, management did not enforce the due date for each subrecipient’s site visits established in the tracker, and did not ensure that all required site visits were completed.
Effect of Condition
During the audit period, the Department did not complete five out of 65 (8 percent) scheduled site visits for subrecipients. By not performing monitoring visits timely, the Department is at a higher risk of not detecting or preventing noncompliance with federal regulations and the grant’s terms and conditions. Additionally, the Department is at increased risk of not ensuring that subaward performance goals are achieved, and is unable to ensure subrecipients correct any existing deficiencies in a timely manner.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure that it performs and documents monitoring visits based on its risk assessments of its subrecipients to ensure compliance with federal regulations and its own guidebook
• Update its written policies and procedures to address the minimum requirements for conducting site visits, including determining how a subrecipient’s assessed risk score and risk level affect the timing and number of site visits required
• Monitor the status of site visits for all its subrecipients to ensure that each one is evaluated in accordance with the requirements in its own guidebook
• Follow up on subrecipients with overdue site visits to ensure they are conducted timely
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Formula Grants for Rural Areas. WSDOT is committed to ensuring our programs comply with federal regulations. WSDOT concurs with the finding and plans to implement the recommendations. Specifically, our Public Transportation Division will:
• Update Public Transportation policy and procedure to more fully document its risk-based site visit approach. This update will clarify how an organization’s risk assessment score impacts the timing and number of administrative and financial site visits. This update will not impact capital and drug and alcohol site visits because Public Transportation Division staff conduct them every two years regardless of risk assessment scores.
• Evaluate new ways for management, supervisors and staff to more effectively monitor site visit completion by established due dates. Once this group develops a new approach, management will ensure that staff document it in its policies and procedures and communicate the new approach to impacted staff.
As of October 2023, the Public Transportation Division had conducted all five site visits listed in the condition of this finding.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washinton State Department of Transportation Consolidated Grant Guidebook (M130 (March 2022 version)), Chapter 1 – Requirements and guidelines for all projects, states in part:
Program compliance and project reporting
Risk assessments
Every two years and in accordance with 2 CFR 200.332(b)(1-4), WSDOT conducts risk assessments to evaluate each grantee’s risk of noncompliance with the grant requirements. We use the risk assessment results to determine how much technical assistance and oversight may be necessary to help organizations comply with grant requirements.
WSDOT will designate organizations that have a strong record of grant compliance and project delivery as low risk. The benefits of low-risk status may include less frequent site visits.
High-risk status may result in more frequent site visits and a higher level of monitoring between site visits. For example, grantees may be required to provide full back up documentation with their claims.
Frequency of site visits
The frequency of site visits depends on the type of project, the funding source, type of site visit, and your risk scores.
Below is general information on the frequency of site visits:
• Operating projects
WSDOT will perform administrative and financial site visits at least once every four years on active projects based on an organization’s risk score.
• Planning projects
WSDOT will perform administrative and financial site visits at least once every four years on active projects based on an organization’s risk score.
• Capital vehicle and equipment projects
WSDOT will perform administrative and capital site visits at least once every four years on active projects based on an organization’s risk score through the useful life of the vehicle and/or equipment.
• Drug and alcohol program reviews
WSDOT will perform a drug and alcohol site visit every biennium as needed based on an organization’s risk. This applies only to grantees awarded Sections 5339 and 5311 funding.
2023-017 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure payments to subrecipients of the Emergency Rental Assistance program were allowable and properly supported.
Assistance Listing Number and Title: 21.023 COVID-19 Emergency Rental Assistance Program
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: N/A
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs / Cost Principles
Period of Performance
Known Questioned Cost Amount: $4,123,486
Prior Year Audit Finding: Yes, Finding 2022-016
Background
Congress passed two acts authorizing federal funds for the Emergency Rental Assistance (ERA) program to respond to the COVID-19 pandemic. The Consolidated Appropriations Act, 2021, enacted on December 27, 2020, provided $25 billion for ERA. These funds are known as ERA1. The American Rescue Plan Act of 2021, enacted on March 11, 2021, provided $21.55 billion in additional funding for ERA. These funds are known as ERA2. The funds are provided directly to states, U.S. territories, local governments and, in the case of ERA1, Indian tribes, to assist eligible households through existing or newly created rental assistance programs.
The Department of Commerce administers the ERA program in Washington. The Department subawarded federal funds to subrecipients to provide financial assistance to households, landlords and utility providers. In fiscal year 2023, the Department spent about $62.5 million in ERA1 and ERA2 funds. During the audit period, the Department allocated program funds to 13 ERA1 subrecipients and 12 ERA2 subrecipients. Grant recipients may use ERA1 and ERA2 funds for administrative expenses, housing stability services, financial assistance, and other affordable rental housing and eviction prevention purposes.
Most of the expenditures the Department spent were for financial assistance to eligible households, which included payment of rent, rental arrears, utilities and home energy costs, utilities and home energy costs arrears, housing stability services and other expenses related to housing. Under the ERA1 program, award funds used for “other expenses” must be related to housing and “incurred due, directly or indirectly, to the COVID-19 outbreak.” The amount for prospective rent cannot exceed three months under a single household application. Financial assistance arrears may only cover household expenses accrued on or after March 13, 2020, up to a maximum of 15 months for ERA1 and a maximum of 18 months under ERA1 and ERA2 combined.
There is no maximum dollar amount for the cumulative financial assistance that may be provided on behalf of an eligible household beyond the requirement that the amounts paid be based on documentation of household income, leases and equivalent forms.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to subrecipients of the ERA program were allowable and properly supported. The prior finding number was 2022-016.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments for the ERA program were allowable and properly supported.
During the audit period, the Department had procedures in place, which required staff to review supporting documentation when approving payments.
We used a statistical sampling method to randomly select and examine 48 out of a total population of 136 subrecipient payments. Additionally, we judgmentally reviewed two significant payments that each exceeded $3 million. In total, we examined more than $39 million in provider payments as part of the audit.
Of the 48 randomly selected payments examined, we identified seven (15 percent) that did not have adequate documentation to ensure the payment was for allowable activities, met cost principles, and occurred within the award’s period of performance.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
In July 2022, the Department implemented procedures requiring staff to review supporting documentation to ensure reimbursement requests were for allowable activities before reimbursing subrecipients. However, Department staff did not follow these procedures and approved reimbursements to subrecipients that did not provide adequate supporting documentation. Management said that this was caused by staff turnover during the audit period.
Effect of Condition and Questioned Costs
We determined the Department did not receive adequate supporting documentation before reimbursing subrecipients to ensure that expenditures were for allowable activities, met cost principles, and occurred within the award’s period of performance. As a result, we identified $4,123,486 in known federal questioned costs and $11,511,399 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR 200.516(a)(3).
Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that program spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve internal controls to ensure payments to subrecipients are not approved without a review of adequate supporting documentation
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department acknowledges the payments reported lacked adequate documentation to ensure compliance with federal requirements.
In July 2022, the Department began requiring subrecipients to submit supporting backup documentation for all expenditures to the program for review and approval.
Due to the temporary nature of the Emergency Rental Assistance (ERA) program, all staff supporting the administration of the program held temporary positions and staff turnover impacted consistency with compliance of federal requirements. As a result, supporting documentation for seven of the randomly selected 48 payments were approved before they were fully reviewed and determined to be properly supported. The Department will obtain the supporting documentation for those transactions to ensure the invoices paid were properly supported and to retail with the corresponding invoices.
The Department has used the reported deficiency to improve our internal control processes and has since implemented a new control process requiring staff include a note to the invoicing system recording documentation received supported and reconciled to the submitted invoice before payment is approved.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-018 The Department of Commerce did not have adequate internal controls over and did not comply with reporting requirements for the Emergency Rental Assistance program.
Assistance Listing Number and Title: 21.023 COVID-19 Emergency Rental Assistance Program
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Requirements: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022- 017
Background
Congress passed two acts authorizing federal funds for the Emergency Rental Assistance (ERA) program to respond to the COVID-19 pandemic. The Consolidated Appropriations Act, 2021, enacted on December 27, 2020, provided $25 billion for ERA. These funds are known as ERA1. The American Rescue Plan Act of 2021, enacted on March 11, 2021, provided $21.6 billion in additional funding for ERA. These funds are known as ERA2. The funds are provided directly to states, U.S. territories, local governments and, in the case of ERA1, Indian tribes, to assist eligible households through existing or newly created rental assistance programs.
The Department of Commerce administers the ERA program in Washington. The Department subawarded federal funds to subrecipients to provide financial assistance to households, landlords and utility providers. In fiscal year 2023, the Department spent about $62.5 million in ERA1 and ERA2 funds. During the audit period, the Department allocated program funds to 12 ERA1 subrecipients and 11 ERA2 subrecipients. Grant recipients may use ERA1 and ERA2 funds for administrative expenses, housing stability services, financial assistance, and other affordable rental housing and eviction prevention purposes.
The Department is required to submit quarterly ERA Compliance Reports for ERA1 and ERA2, which contain information on the number of participating households that received financial assistance and the amount of ERA funds expended or obligated by the Department to or for participating households.
The federal grantor specified there were four key line items on the ERA Compliance Report that contained critical information.
1. Administrative Cost Ratio: Total obligations and/or expenditures for administrative costs does not exceed relevant threshold of total allocation (10 percent across the prime and all subrecipients for ERA1, not to exceed 15 percent for ERA2 across the prime and all subrecipients).
2. Housing Stability Services Ratio: Total obligations and/or expenditures for housing stability services is not greater than 10 percent of total amount allocated.
3. System for Prioritizing Assistance: The number of households with less than 50 percent area median income (AMI) receiving financial assistance is greater than the number of households with greater than 50 percent AMI receiving assistance.
4. Participant Households at Certain Income Levels Eligibility: The total households receiving assistance is not greater than the sum of the AMI-banded eligible households with a 5 percent to 10 percent margin of error to avoid false positives for medium to large recipients.
Each ERA subrecipient completes a templated spreadsheet that includes these four line items and submits it monthly to the Department. The Department then sends these spreadsheets to a
third-party vendor that aggregates the monthly data for each quarter and performs data validation and diagnostic checks, including deduplication and data cleanup. The Department uses a summary of the vendor’s aggregated data to complete the ERA Compliance Report.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the ERA program. The prior finding number was 2022-017.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for the ERA program.
During the audit period, the Department’s program staff said that all subrecipient monthly reports were reviewed and approved by the appropriate personnel before being sent to the third-party vendor for aggregation. However, program staff did not document their review or approval, so we are unable to determine if the proper reviews occurred. Additionally, the Department did not review the vendor’s aggregated data to ensure it was complete and accurate before submitting it to the grantor.
We used a non-statistical sampling method to randomly select and examine four out of a total population of seven reports. All four reports we examined had material errors, as summarized below:
Report One – ERA1 Q3 2022
• The Department underreported administrative expenses by $2,576,697 (59 percent) and housing stability services by $31,927 (100 percent).
Report Two – ERA1 final report
• The Department underreported the number of participating households by 9,880 (20 percent).
Report Three – ERA2 Q3 2022
• The Department underreported total financial assistance by $1,567,045 (9 percent) because it did not ensure all subrecipients submitted data timely for reporting.
Report Four – ERA2 Q1 2023
• The Department could not provide the completed report, so we were unable to identify the amounts reported or determine if they were accurate.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not require management to document their reviews of reports and supporting documentation before submitting them to the grantor. If reviews of the reports were performed, they were inadequate for detecting the identified errors. Further, the Department did not monitor or review the vendor’s aggregated data to ensure it was reliable.
The Department also did not maintain copies of these reports after submitting them. The Department tried to download a copy of the fourth report from the reporting website, but some required fields were blank. The Department contacted the grantor for assistance but did not receive a response.
Effect of Condition
By not reviewing and reconciling aggregated subrecipient data and supporting documentation, management was unable to demonstrate the amounts reported were complete and accurate. In addition, by not retaining completed reports, management was unable to demonstrate the Department reported key line items to the grantor.
Without establishing adequate internal controls, the Department cannot reasonably ensure that the required line items reported to the grantor are complete and accurate.
Recommendations
We recommend the Department:
• Ensure it retains copies of completed reports after submitting them to the grantor
• Ensure that management performs and documents an adequate review of the supporting documentation before submitting reports to the grantor
• Ensure it reviews the aggregated subrecipient data collected from the third-party vendor for completeness and accuracy
Department’s Response
The Department contracted with a vendor skilled in performing data analytics to aggregate the data required in the monthly and quarterly reports submitted to the Department of Treasury (Treasury). Each Treasury report included data on thousands of households served as well as millions of dollars expended in financial assistance. Department staff reviewed grantee’s data before it was submitted to the vendor and often communicated with grantees to recommend corrections to their data, however, that review process was not explicitly documented.
During a review of cumulative data for Emergency Rental Assistance (ERA) 1 and ERA2, an error was made, two numbers were transposed when reporting households served, resulting in underreporting in the ERA1 Final Report.
Treasury guided grantees to correct previous report issues on future reports instead of submitting a new report for that quarter, resulting in late or corrected data being updated on a future ERA2 report. The Department was unable to access Treasury reports even though Treasury reports were supposed to be available for download through their reporting portal. However, the download function was often unavailable. When the Department requested the ERA2 Q1 2023 report from Treasury, Treasury was unresponsive, and the Department was unable to obtain and provide the data requested by the State Auditor’s Office (SAO).
We thank the SAO for the opportunity to respond to the concerns reported as a result of the audit for ERA reporting. We strive to improve our internal controls and increase our compliance.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Monitoring and reporting program performance, section 329, states in part:
(b) Reporting program performance.
The Federal awarding agency must use OMB-approved common information collections, as applicable, when providing financial and performance reporting information. As appropriate and in accordance with above mentioned information collections, the Federal awarding agency must require the recipient to relate financial data and accomplishments to performance goals and objectives of the Federal award. Also, in accordance with above mentioned common information collections, and when required by the terms and conditions of the Federal award, recipients must provide cost information to demonstrate cost effective practices (e.g., through unit cost data). In some instances (e.g., discretionary research awards), this will be limited to the requirement to submit technical performance reports (to be evaluated in accordance with Federal awarding agency policy). Reporting requirements must be clearly articulated such that, where appropriate, performance during the execution of the Federal award has a standard against which non-Federal entity performance can be measured.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
15 U.S. Code 9058c, Emergency rental assistance, establishes funding and allocation requirements.
2023-019 The Department of Commerce did not have adequate internal controls over reporting requirements for the Emergency Rental Assistance program.
Assistance Listing Number and Title: 21.023 COVID-19 Emergency Rental Assistance Program
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Special Tests and Provisions: ERA Funds Reallocation
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-017
Background
Congress passed two acts authorizing federal funds for the Emergency Rental Assistance (ERA) program to respond to the COVID-19 pandemic. The Consolidated Appropriations Act, 2021, enacted on December 27, 2020, provided $25 billion for ERA. These funds are known as ERA1. The American Rescue Plan Act of 2021, enacted on March 11, 2021, provided $21.6 billion in additional funding for ERA. These funds are known as ERA2. The funds are provided directly to states, U.S. territories, local governments and, in the case of ERA1, Indian tribes, to assist eligible households through existing or newly created rental assistance programs.
The Department of Commerce administers the ERA program in Washington. The Department subawarded federal funds to subrecipients to provide financial assistance to households, landlords and utility providers. In fiscal year 2023, the Department spent about $62.5 million in ERA1 and ERA2 funds. During the audit period, the Department allocated program funds to 13 ERA1 subrecipients and 11 ERA2 subrecipients. Grant recipients may use ERA1 and ERA2 funds for administrative expenses, housing stability services, financial assistance, and other affordable rental housing and eviction prevention purposes.
The Department is required to submit quarterly financial reports (SF-425) for ERA1 and ERA2. These reports contain information on award receipts, expenditures by state and federal share, cash on hand, any unobligated balance, and indirect costs for the reporting period. The U.S. Department of the Treasury uses the cumulative obligated and expended amounts in these quarterly reports to make reallocation determinations to ensure ERA funds remain available to grantees in accordance with jurisdictional needs and demonstrated capacity to deliver assistance while the ERA appropriations remain available.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the ERA program. The prior finding number was 2022-017.
Description of Condition
The Department did not have adequate internal controls over reporting requirements for the ERA program.
The Department’s procedure requires the Grants and Loan Manager, or their delegate, to review and approve each SF-425 report in the Department’s Contract Management System (CMS) before it is submitted to Treasury. This review process ensures the reports are complete, accurate and reconcile with backup documentation from the agency’s accounting system.
We used a non-statistical sampling method to randomly select and examine four out of a total population of seven quarterly financial reports. We found one report (25 percent) that was not reviewed or approved in CMS until 45 days after it was submitted to Treasury.
We consider this internal control deficiency to be a material weakness.
This issue was reported as a finding in the prior audit.
Cause of Condition
Department officials said staff turnover and a lack of management oversight resulted in the report being submitted to Treasury without the required approval in CMS.
Effect of Condition
By not properly reviewing the SF-425 report, the Department risks inaccurate reporting and cannot reasonably ensure that the expenditure and obligation amounts reported to Treasury are complete and accurate. As a result, Treasury may not be able to make accurate reallocation determinations.
Recommendations
We recommend the Department:
• Ensure management review and approve the SF-425 reports before staff submit them to Treasury
• Properly train new staff and ensure management oversee the ERA reporting process
Department’s Response
The Department would like to thank the State Auditor’s Office for their diligence in auditing emergency rental assistance reporting for fiscal year 2023. The Department acknowledges an error was made and one SF-425 approval was not documented in the Contracts Management System prior to submission to the Department of Treasury as required. The Department has made significant improvement in documenting program reviews and approvals in the submission of required reports. The Department initiated a spreadsheet for fiscal analysts, supervisors and/or program managers to document their approval in CMS after review of the SF-425. This will ensure submission approval is made in CMS for all future reports.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
15 U.S. Code § 9058a – Emergency rental assistance
(d) Reallocation of unused funds
Beginning on September 30, 2021, the Secretary shall recapture excess funds, as determined by the Secretary, not obligated by a grantee for the purpose described under subsection (c) and the Secretary shall reallocate and repay such amounts to eligible grantees who, at the time of such reallocation, have obligated at least 65 percent of the amount originally allocated and paid to such grantee under subsection (b)(1), only for the allowable uses described under subsection (c). The amount of any such reallocation shall be determined based on demonstrated need within a grantee’s jurisdiction, as determined by the Secretary.
Department’s Federal Financial Reporting (FFR) Process
PART II – Preparing the FFR
6) In box 13a – 13e enter the information for the individual preparing the FFR. Grants & Loans Manager or delegate must review and sign the FFR prior to submittal.
2023-020 The Department of Commerce did not have adequate internal controls over and did not comply with subrecipient monitoring requirements for the Emergency Rental Assistance program.
Assistance Listing Number and Title: 21.023 COVID-19 Emergency Rental Assistance Program
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Congress passed two acts authorizing federal funds for the Emergency Rental Assistance (ERA) program to respond to the COVID-19 pandemic. The Consolidated Appropriations Act, 2021, enacted on December 27, 2020, provided $25 billion for ERA. These funds are known as ERA1. The American Rescue Plan Act of 2021, enacted on March 11, 2021, provided $21.6 billion in additional funding for ERA. These funds are known as ERA2. The funds are provided directly to states, U.S. territories, local governments and, in the case of ERA1, Indian tribes, to assist eligible households through existing or newly created rental assistance programs.
The Department of Commerce administers the ERA program in Washington. The Department subawarded federal funds to subrecipients to provide financial assistance to households, landlords and utility providers. In fiscal year 2023, the Department spent about $62.5 million in ERA1 and ERA2 funds. The Department allocated program funds to 12 subrecipients for ERA1 and 11 subrecipients for ERA2.
Federal regulations require the Department to monitor the activities of its subrecipient as necessary to ensure that they use their subawards for authorized purposes, comply with the terms and conditions of their subawards, and achieve performance goals. The Department performed one round of monitoring for each of the ERA1 and ERA2 subrecipients to ensure compliance.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with subrecipient monitoring requirements for the ERA program.
During the audit period, the Department had written procedures requiring reviewers to examine client files. However, they were only required to examine five client files for ERA1 and 10 client files for ERA2.
We used a non-statistical sampling method to randomly select and examine five out of a total population of 12 subrecipients. For these five subrecipients, we verified that staff reviewed the number of client files that management required for each program. However, there were a total of 30,153 households served for ERA1 and 30,963 households served for ERA2. Thus, the Department reviewed less than one-half of 1 percent of client files for each ERA1 and ERA2 subrecipient. We determined the individual client reviews were sufficient. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files reviewed for each subrecipient:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department officials said that limited staffing capacity determined how many client files were reviewed.
Effect of Condition
Subrecipient monitoring procedures are critical for ensuring program compliance and identifying potential misappropriations of public funds. Without establishing adequate internal controls, the Department cannot reasonably ensure that its subrecipients are using federal funds for allowable purposes. Additionally, without adequately monitoring each subrecipient’s uses of federal funds, the Department does not have reasonable assurance that the subrecipient has complied with the terms and conditions of the subaward.
Recommendation
We recommend the Department modify its written procedures to require an adequate number of subrecipient client files to be reviewed during program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements.
Department’s Response
The Emergency Rental Assistance (ERA) program monitoring commenced in fiscal year 2022 and continued in fiscal year 2023. The program established a process to monitor five to ten client files, which included randomly selected fiscal back up documentation from an invoice for each subrecipient. This process is included in the ERA monitoring procedure. On average it has taken three months to collect the required monitoring documentation from grantees due to the complicated nature of the program and administrative burden subrecipients faced in administering the award. The program has an average of three project staff to perform all monitoring duties which has resulted in program monitoring taking longer than anticipated. The program opted to focus on being able to do a smaller monitoring for every subrecipient instead of completing a larger monitoring for only a few subrecipients. This process allowed the Department to successfully complete a program monitoring for all ERA subrecipients. We understand that the sample size we are able to monitor is not sufficient given the size of the ERA program. SAO has not provided explicit guidance as to what an appropriate ratio of client files would be compared to the amount of households served and financial assistance expended. The program and the Department strive to improve subrecipient monitoring to address the appropriate level of risk for each recipient of federal funds.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2023-021 The Department of Commerce did not have adequate internal controls over federal requirements to ensure subawards for the Emergency Rental Assistance program contained the correct federal award identification elements.
Assistance Listing Number and Title: 21.023 COVID-19 Emergency Rental Assistance Program
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Congress passed two acts authorizing federal funds for the Emergency Rental Assistance (ERA) program to respond to the COVID-19 pandemic. The Consolidated Appropriations Act, 2021, enacted on December 27, 2020, provided $25 billion for ERA. These funds are known as ERA1. The American Rescue Plan Act of 2021, enacted on March 11, 2021, provided $21.6 billion in additional funding for ERA. These funds are known as ERA2. The funds are provided directly to states, U.S. territories, local governments and, in the case of ERA1, Indian tribes, to assist eligible households through existing or newly created rental assistance programs.
The Department of Commerce administers the ERA program in Washington. During the audit period, The Department subawarded federal funds to subrecipients to provide financial assistance to households, landlords and utility providers. In fiscal year 2023, the Department spent about $62.5 million in ERA1 and ERA2 funds. The Department allocated program funds to 12 subrecipients for ERA1 and 11 subrecipients for ERA2.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes the 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over federal requirements to ensure ERA subawards contained the correct federal award identification elements.
During the audit period, the Department executed one ERA subaward for more than $4 million. We examined the subaward and found it contained the 14 required elements. However, we found it was not clearly identified as a federal subaward, and the subrecipient was referred to as a contractor throughout the award.
We consider this internal control deficiency to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had an adequate internal control in place to ensure that the subaward included all the correct information. Furthermore, the subrecipient was referred to as a contractor throughout the award because the Department used a contract template; it did not have a subaward template available at that time.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to the subrecipient. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure the subrecipient has been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions.
Recommendations
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately, there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used.
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements. We communicated the Requirements for Pass Through Entities to the recipient which is only communicated to subrecipients per the CFR.
Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. Short of an error being made, the Department feels this exception has been resolved. We appreciate the opportunity to respond to this error.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
2023-022 The Housing Finance Commission did not have adequate internal controls over eligibility requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories, and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2023, the Commission spent about $34.7 million in HAF funds. The Commission is required to ensure all homeowners who receive HAF funds are eligible for the program. The HAF Plan Term Sheet, approved by the federal grantor, outlines the general eligibility requirements for the program. The Commission entered into an agreement with a contractor to perform eligibility determinations for the program. As part of the agreement, the contractor reviews eligibility determinations for 10 percent of applications that were approved, denied and withdrawn each quarter. The contractor provides these results to the Commission. To ensure the contractor made the correct determinations, Commission staff reviews 10 percent of the eligibility determinations that the contractor reviewed.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Commission did not have adequate internal controls over eligibility requirements for the HAF program.
During the audit period, the Commission only reviewed 1 percent of all approved, denied and withdrawn applications. The determinations that staff reviewed were only taken from those that the contractor selected, so the Commission had no assurance that the 90 percent of the determinations the contractor did not select were made properly. Because the Commission did not perform any additional independent reviews, we determined the Commission did not perform an adequate level of review to ensure proper eligibility determinations were made for the program as a whole.
We consider this internal control deficiency to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management believed the level of review performed by Commission staff was adequate to ensure proper eligibility determination for all HAF applicants.
Effect of Condition
Without establishing adequate internal controls, the Commission is at a higher risk of paying ineligible homeowners. In addition, by only reviewing cases that the contractor selected, there is a risk that the eligibility determinations that Commission staff reviewed were not representative of the program as a whole.
Recommendations
We recommend the Commission:
• Improve internal controls to ensure it only provides HAF funds to eligible homeowners
• Ensure that Commission staff perform and document an adequate review of approved, denied and withdrawn HAF applications that are independent of those reviewed by the contractor
Commission’s Response
The Commission concurs with this finding.
The Commission will strengthen its controls and increase its level of reviews, including a selection of applications independent of those verified by the contractor to ensure a more representative population.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of the Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part:
Eligibility. Under this program, HAF participants are responsible for ensuring funds are used for eligible purposes. Generally, HAF participants must develop and implement policies and procedures, and record retention, to determine and monitor implementation of criteria for determining the eligibility of beneficiaries and / or Subrecipients. HAF participants, and if applicable, the Subrecipient(s) administering a program on behalf of the HAF participant, will need to maintain procedures for obtaining information evidencing a given beneficiary, Subrecipient, or contractor’s eligibility, including a valid SAM.gov registration. Implementing risk-based due diligence for eligibility determinations is a best practice to augment your organization’s existing controls.
2023-023 The Housing Finance Commission did not have adequate internal controls over earmarking requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories, and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2023, the Commission spent about $34.7 million in HAF funds. The Commission must meet earmarking requirements for the following four categories:
1. Counseling or educational efforts by housing counseling agencies approved by the U.S. Department of Housing and Urban Development (HUD), tribal government (including such efforts by in-house housing counselors who are HUD certified or tribally approved), or legal services, targeted to households eligible to be served with funding from the HAF related to foreclosure prevention or displacement, in an aggregate amount up to 5 percent of the funding from the HAF received by the HAF participant.
2. Planning, community engagement, needs assessment, and administrative expenses related to the HAF participant’s disbursement of HAF funds for qualified expenses, in an aggregate amount not to exceed 15 percent of the funding from the HAF received by the HAF participant.
3. Participants are providing not less than 60 percent of funds to homeowners with income less than 100 percent of area median income (AMI) or 100 percent of U.S. median income.
4. Participants target homeowners who are classified as socially disadvantaged individuals (SDIs) and 100 percent AMI or less.
The Commission is required to meet the requirements of the first, second and third earmarks when the HAF funds are fully expended. When administering the program, the Commission is required to have processes in place to track these requirements to ensure it is compliant at the end of the award.
The HAF Plan, approved by the federal grantor, outlines the program design and the budget allocation for the earmarking categories. These amounts are based on the award being fully expended. For the first two earmarking requirements, the Commission used these budgets to contract for necessary services. Commission staff then maintained a tracking spreadsheet to ensure payments did not exceed the contracted amount.
For the third earmark requirement, the Commission allocated 77 percent of the HAF award to homeowners, and it required all homeowners to have an income less than 100 percent AMI. For the fourth earmark requirement, the Commission contracted with a contractor to perform outreach targeting SDIs and those that are less than 100 percent AMI.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Commission did not have adequate internal controls over earmarking requirements for the HAF program.
During the audit period, the Commission tracked contractor payments applicable to the first and second earmarking requirements. However, expenditures were tracked in relation to the amounts budgeted in the HAF Plan. The Commission did not review these expenditures in relation to overall program expenditures to ensure they were on track to be compliant with the established earmarks.
For the third earmarking requirement, the Commission relied on eligibility determinations made by a contractor to ensure all homeowners in the HAF program have income less than 100 percent AMI. We determined the Commission did not have an adequate process to ensure all applicants met eligibility requirements. This condition is reported as a material weakness in internal controls in audit finding 2023-022.
Our audit did not identify issues with the fourth earmarking requirement.
We consider this internal control deficiency to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
While Commission staff tracked payments made to contractors allocated in the HAF Plan, management did not implement procedures to track these amounts to the total program expenditures to be able to ensure compliance.
In addition, management believed the level of eligibility determination review performed by Commission staff was adequate to ensure proper eligibility determination for all HAF applicants.
Effect of Condition
Without adequate internal controls, the Commission is at risk of not meeting the earmarking requirements when the award closes if budget allocations change or the award is not fully expended.
Recommendations
We recommend the Commission:
• Establish effective internal controls to ensure that it tracks and meets the earmarking requirements
• Improve internal controls to ensure eligibility determinations are made properly
Commission’s Response
The Commission concurs with this finding.
The Commission will develop a system to track and meet earmarking requirements relative to expenditure levels. Additionally, the Commission will strengthen its controls and increase its level of reviews, including a selection of applications independent of those verified by the contractor to ensure a more representative population.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of the Treasury’s Homeowner Assistance Fund Guidance, states, in part:
Qualified Expenses:
Counseling or educational efforts by housing counseling agencies approved by HUD or a tribal government (including such efforts by in-house housing counselors who are HUD certified or Tribally approved), or legal services, targeted to households eligible to be served with funding from the HAF related to foreclosure prevention or displacement, in an aggregate amount up to 5% of the funding from the HAF received by the HAF participant.
Planning, community engagement, needs assessment, and administrative expenses related to the HAF participant’s disbursement of HAF funds for qualified expenses, in an aggregate amount not to exceed 15% of the funding from the HAF received by the HAF participant.
2023-024 The Housing Finance Commission did not have adequate internal controls over and did not comply with reporting requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories, and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2023, the Commission spent about $34.7 million in HAF funds. The Commission is required to submit quarterly HAF financial reports that have information on the cumulative obligations and expenditures to date. These reports are due 45 days after the end of each quarter. The federal grantor specified there were two key lines items on the report that contained critical information:
1. Administrative Expenses – Quantifiable Objective Criteria: Obligations and expenditures do not exceed 15 percent for admin expenses.
2. Services, Counseling & Education – Quantifiable Objective Criteria: Obligations and expenditures do not exceed 5 percent for legal services, counseling and education.
The HAF Plan, approved by the federal grantor, outlines the budget allocation of administrative, services, counseling and education expenditures. The Commission uses these budgets to contract required services. Commission staff maintain a tracking spreadsheet for HAF obligations and payments made to contractors. Staff use data from this spreadsheet to fill out the quarterly reporting template. Once completed, the Commission submits the report in the HAF reporting portal.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Commission did not have adequate internal controls over and did not comply with reporting requirements for the HAF program.
The spreadsheets used to track obligation and expenditure data to prepare reports were not accurate and complete. We determined staff were reporting expenditures that had not been paid in the expenditure category instead of as obligations. We also determined staff made errors when recording the obligation amounts. These errors included not properly realizing all of the expenditures in the accounting system, not realizing all administrative obligations and including obligations that were not supported.
We used a non-statistical sampling method to randomly select and examine four out of a total population of seven quarterly reports. All four reports (100 percent) that we examined had errors, as summarized in the table below.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
These reports are mainly comprised of financial information that is recorded in the Commission’s accounting system. Commission officials said there was a lack of coordination between program and finance staff in compiling these reports to ensure the correct data was used. Furthermore, the Commission did not require management to review the reports and their supporting documentation before submitting them to the grantor.
Effect of Condition
Without establishing adequate internal controls, which should include reviewing the reports and the supporting documentation to ensure the correct source data is reported, management cannot ensure that the reports are complete and accurate.
Recommendations
We recommend the Commission:
• Establish effective internal controls to ensure the reports are accurate and complete
• Ensure that management performs and documents an adequate review of the supporting documentation before submitting reports to the grantor
• Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported
Commission’s Response
The Commission concurs with this finding.
The Commission will implement a system of controls and management review to ensure that data reported to the federal grantor is complete and accurate. In addition, the Commission will confirm with the grantor to determine if revision is necessary.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 328, Financial reporting, states:
Unless otherwise approved by OMB, the Federal awarding agency must solicit only the OMB-approved governmentwide data elements for collection of financial information (at time of publication the Federal Financial Report or such future, OMB-approved, governmentwide data elements available from the OMB-designated standards lead. This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting. The Federal awarding agency must use OMB-approved common information collections, as applicable, when providing financial and performance reporting information.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part:
Programmatic Information Requirements
The following programmatic information will be required in Quarterly Reports.
f. Program(s) Information- HAF participants will provide information on all HAF programs. Programs are new or existing eligible government services or investments funded in whole or in part by HAF funding. For each program, the HAF participant will be required to enter the following information:
• Total Obligations Cumulative to Calendar Quarter end date;
• Total Expenditures Cumulative to Calendar Quarter end date;
g. Expenditures- HAF participants are required to report the HAF assistance expended or spent by the HAF participant. HAF participants will be asked to report expenditures on a cumulative basis at the following levels: the participant-level, program-level, and program design element-level. At the participant-level, HAF participants will be asked to disaggregate expenditures or amounts expended by the categories noted under the Disaggregated Information requirement below.
• The information provided in this section will relate to the HAF Grantee Plan Budget Expenditures broken out by Program Design Element.
h. Obligations- HAF participants are required to report the HAF assistance obligated. HAF participants will be asked to report obligations on a cumulative basis at the participant-level, program-level, and program design element-level. HAF participants will be asked to disaggregate participant-level obligations by the categories noted under the Disaggregated Information requirement below.20
The information provided in this section will relate to the HAF Grantee Plan Budget Obligations broken out by Program Design Element.
2023-025 The Housing Finance Commission did not have adequate internal controls over and did not comply with reporting requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories, and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2023, the Commission spent about $34.7 million in HAF funds. The Commission implemented a pilot program before launching the main HAF program. The Commission contracted with a contractor to help implement the main HAF program and maintain participant data. The Commission is required to submit an annual performance report that provides an overview of its intended and actual uses of funding to-date for the pilot and main HAF programs. The federal grantor identified two key lines items on the report that contained critical information:
1. Socially Disadvantaged Individuals (SDIs) – Quantifiable Objective Criteria: Participants are providing not less than 60 percent of funds to homeowners with income less than 100 percent area median income (AMI) or 100 percent of U.S. median income.
2. AMI – Quantifiable Objective Criteria: Participants target homeowners that are classified as SDI and 100 percent AMI or less.
The HAF Plan, approved by the federal grantor, outlines the budget allocations, goals, and types of assistance for the Washington HAF program. The HAF reporting portal automatically populates each section of the annual report template with information from this plan. The Commission is required to submit a narrative on the status of each section. Commission staff use participant data provided by the contractor to complete the report template. Once completed, Commission management review the report, and then the preparer submits it in the HAF reporting portal.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Commission did not have adequate internal controls over and did not comply with reporting requirements for the HAF program.
The contractor only provided summary-level data to the Commission at the time of reporting. As a result, Commission staff did not have detailed supporting documentation to review to verify that the total amounts in the contractor’s reports were complete and accurate. Additionally, the Commission did not have documented evidence to support that management reviewed the annual report prior to submission.
We reviewed the report submitted on November 9, 2022, that covered the start of the award through September 30, 2022. The report identified 58 SDIs, and we determined the total is actually 87 SDIs (33 percent underreported) for the pilot and main programs combined. We found the Commission did not report SDIs that were identified as “other” in the pilot program.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Commission did not require the contractor to submit detailed support for the total numbers provided for reporting to ensure all categories were included. In addition, the Commission did not ensure adequate management review of the report prior to submission.
Effect of Condition
Without establishing adequate internal controls, which should include reviewing the reports and the detailed supporting documentation to ensure the correct data is reported, management cannot ensure that the reports are complete and accurate.
Recommendations
We recommend the Commission:
• Establish effective internal controls to ensure the reports are accurate and complete
• Ensure that management performs and documents an adequate review of the supporting documentation before submitting reports to the grantor
• Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported
Commission’s Response
The Commission concurs with this finding.
The Commission will implement a system of controls and management review to ensure that data reported to the federal grantor is complete and accurate. In addition, the Commission will confirm with the grantor to determine if revision is necessary.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 328, Financial reporting, states:
Unless otherwise approved by OMB, the Federal awarding agency must solicit only the OMB-approved governmentwide data elements for collection of financial information (at time of publication the Federal Financial Report or such future, OMB-approved, governmentwide data elements available from the OMB-designated standards lead. This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting. The Federal awarding agency must use OMB-approved common information collections, as applicable, when providing financial and performance reporting information.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of the Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part:
Programmatic Information Requirements
HAF participants are required to submit an Annual Performance Report on an annual basis and demonstrate the impact of the HAF-financed programs. Reports should include data related to program outputs and outcomes against the stated objectives of the HAF participant’s HAF Grant Plan.
Performance Goals
HAF participants initially submitted performance goals on the use of HAF awarded funds in their approved Grantee Plan. Each one of the performance goals should have identified how the HAF participant will address homeowner needs and should have been disaggregated by key characteristics such as mortgage type, racial and ethnic demographics, and/or geographic areas, as appropriate. HAF participants will be required to provide a status update and quantitative measures, if applicable, on each of their initial performance goals set forth in their Grantee Plan. Please note, HAF participants will not have the ability to alter their original performance goals noted in their Grantee Plan nor add additional performance goals in the Annual Report.
Methods for Targeting and HAF Funding
HAF participants were asked in their original Grantee Plan to describe how the HAF participant will effectively target HAF award funds to (1) homeowners with incomes equal to or less than 100% of the area median income or equal to or less than 100% of the median income for the United States, whichever is greater; and (2) socially disadvantaged individuals. The description included the HAF participant’s targeting strategies. HAF participants will be required to provide an update on their targeting methods and if they have appropriately executed targeting methods according to their original Grantee Plan.
2023-022 The Housing Finance Commission did not have adequate internal controls over eligibility requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories, and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2023, the Commission spent about $34.7 million in HAF funds. The Commission is required to ensure all homeowners who receive HAF funds are eligible for the program. The HAF Plan Term Sheet, approved by the federal grantor, outlines the general eligibility requirements for the program. The Commission entered into an agreement with a contractor to perform eligibility determinations for the program. As part of the agreement, the contractor reviews eligibility determinations for 10 percent of applications that were approved, denied and withdrawn each quarter. The contractor provides these results to the Commission. To ensure the contractor made the correct determinations, Commission staff reviews 10 percent of the eligibility determinations that the contractor reviewed.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Commission did not have adequate internal controls over eligibility requirements for the HAF program.
During the audit period, the Commission only reviewed 1 percent of all approved, denied and withdrawn applications. The determinations that staff reviewed were only taken from those that the contractor selected, so the Commission had no assurance that the 90 percent of the determinations the contractor did not select were made properly. Because the Commission did not perform any additional independent reviews, we determined the Commission did not perform an adequate level of review to ensure proper eligibility determinations were made for the program as a whole.
We consider this internal control deficiency to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management believed the level of review performed by Commission staff was adequate to ensure proper eligibility determination for all HAF applicants.
Effect of Condition
Without establishing adequate internal controls, the Commission is at a higher risk of paying ineligible homeowners. In addition, by only reviewing cases that the contractor selected, there is a risk that the eligibility determinations that Commission staff reviewed were not representative of the program as a whole.
Recommendations
We recommend the Commission:
• Improve internal controls to ensure it only provides HAF funds to eligible homeowners
• Ensure that Commission staff perform and document an adequate review of approved, denied and withdrawn HAF applications that are independent of those reviewed by the contractor
Commission’s Response
The Commission concurs with this finding.
The Commission will strengthen its controls and increase its level of reviews, including a selection of applications independent of those verified by the contractor to ensure a more representative population.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of the Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part:
Eligibility. Under this program, HAF participants are responsible for ensuring funds are used for eligible purposes. Generally, HAF participants must develop and implement policies and procedures, and record retention, to determine and monitor implementation of criteria for determining the eligibility of beneficiaries and / or Subrecipients. HAF participants, and if applicable, the Subrecipient(s) administering a program on behalf of the HAF participant, will need to maintain procedures for obtaining information evidencing a given beneficiary, Subrecipient, or contractor’s eligibility, including a valid SAM.gov registration. Implementing risk-based due diligence for eligibility determinations is a best practice to augment your organization’s existing controls.
2023-023 The Housing Finance Commission did not have adequate internal controls over earmarking requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories, and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2023, the Commission spent about $34.7 million in HAF funds. The Commission must meet earmarking requirements for the following four categories:
1. Counseling or educational efforts by housing counseling agencies approved by the U.S. Department of Housing and Urban Development (HUD), tribal government (including such efforts by in-house housing counselors who are HUD certified or tribally approved), or legal services, targeted to households eligible to be served with funding from the HAF related to foreclosure prevention or displacement, in an aggregate amount up to 5 percent of the funding from the HAF received by the HAF participant.
2. Planning, community engagement, needs assessment, and administrative expenses related to the HAF participant’s disbursement of HAF funds for qualified expenses, in an aggregate amount not to exceed 15 percent of the funding from the HAF received by the HAF participant.
3. Participants are providing not less than 60 percent of funds to homeowners with income less than 100 percent of area median income (AMI) or 100 percent of U.S. median income.
4. Participants target homeowners who are classified as socially disadvantaged individuals (SDIs) and 100 percent AMI or less.
The Commission is required to meet the requirements of the first, second and third earmarks when the HAF funds are fully expended. When administering the program, the Commission is required to have processes in place to track these requirements to ensure it is compliant at the end of the award.
The HAF Plan, approved by the federal grantor, outlines the program design and the budget allocation for the earmarking categories. These amounts are based on the award being fully expended. For the first two earmarking requirements, the Commission used these budgets to contract for necessary services. Commission staff then maintained a tracking spreadsheet to ensure payments did not exceed the contracted amount.
For the third earmark requirement, the Commission allocated 77 percent of the HAF award to homeowners, and it required all homeowners to have an income less than 100 percent AMI. For the fourth earmark requirement, the Commission contracted with a contractor to perform outreach targeting SDIs and those that are less than 100 percent AMI.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Commission did not have adequate internal controls over earmarking requirements for the HAF program.
During the audit period, the Commission tracked contractor payments applicable to the first and second earmarking requirements. However, expenditures were tracked in relation to the amounts budgeted in the HAF Plan. The Commission did not review these expenditures in relation to overall program expenditures to ensure they were on track to be compliant with the established earmarks.
For the third earmarking requirement, the Commission relied on eligibility determinations made by a contractor to ensure all homeowners in the HAF program have income less than 100 percent AMI. We determined the Commission did not have an adequate process to ensure all applicants met eligibility requirements. This condition is reported as a material weakness in internal controls in audit finding 2023-022.
Our audit did not identify issues with the fourth earmarking requirement.
We consider this internal control deficiency to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
While Commission staff tracked payments made to contractors allocated in the HAF Plan, management did not implement procedures to track these amounts to the total program expenditures to be able to ensure compliance.
In addition, management believed the level of eligibility determination review performed by Commission staff was adequate to ensure proper eligibility determination for all HAF applicants.
Effect of Condition
Without adequate internal controls, the Commission is at risk of not meeting the earmarking requirements when the award closes if budget allocations change or the award is not fully expended.
Recommendations
We recommend the Commission:
• Establish effective internal controls to ensure that it tracks and meets the earmarking requirements
• Improve internal controls to ensure eligibility determinations are made properly
Commission’s Response
The Commission concurs with this finding.
The Commission will develop a system to track and meet earmarking requirements relative to expenditure levels. Additionally, the Commission will strengthen its controls and increase its level of reviews, including a selection of applications independent of those verified by the contractor to ensure a more representative population.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of the Treasury’s Homeowner Assistance Fund Guidance, states, in part:
Qualified Expenses:
Counseling or educational efforts by housing counseling agencies approved by HUD or a tribal government (including such efforts by in-house housing counselors who are HUD certified or Tribally approved), or legal services, targeted to households eligible to be served with funding from the HAF related to foreclosure prevention or displacement, in an aggregate amount up to 5% of the funding from the HAF received by the HAF participant.
Planning, community engagement, needs assessment, and administrative expenses related to the HAF participant’s disbursement of HAF funds for qualified expenses, in an aggregate amount not to exceed 15% of the funding from the HAF received by the HAF participant.
2023-024 The Housing Finance Commission did not have adequate internal controls over and did not comply with reporting requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories, and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2023, the Commission spent about $34.7 million in HAF funds. The Commission is required to submit quarterly HAF financial reports that have information on the cumulative obligations and expenditures to date. These reports are due 45 days after the end of each quarter. The federal grantor specified there were two key lines items on the report that contained critical information:
1. Administrative Expenses – Quantifiable Objective Criteria: Obligations and expenditures do not exceed 15 percent for admin expenses.
2. Services, Counseling & Education – Quantifiable Objective Criteria: Obligations and expenditures do not exceed 5 percent for legal services, counseling and education.
The HAF Plan, approved by the federal grantor, outlines the budget allocation of administrative, services, counseling and education expenditures. The Commission uses these budgets to contract required services. Commission staff maintain a tracking spreadsheet for HAF obligations and payments made to contractors. Staff use data from this spreadsheet to fill out the quarterly reporting template. Once completed, the Commission submits the report in the HAF reporting portal.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Commission did not have adequate internal controls over and did not comply with reporting requirements for the HAF program.
The spreadsheets used to track obligation and expenditure data to prepare reports were not accurate and complete. We determined staff were reporting expenditures that had not been paid in the expenditure category instead of as obligations. We also determined staff made errors when recording the obligation amounts. These errors included not properly realizing all of the expenditures in the accounting system, not realizing all administrative obligations and including obligations that were not supported.
We used a non-statistical sampling method to randomly select and examine four out of a total population of seven quarterly reports. All four reports (100 percent) that we examined had errors, as summarized in the table below.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
These reports are mainly comprised of financial information that is recorded in the Commission’s accounting system. Commission officials said there was a lack of coordination between program and finance staff in compiling these reports to ensure the correct data was used. Furthermore, the Commission did not require management to review the reports and their supporting documentation before submitting them to the grantor.
Effect of Condition
Without establishing adequate internal controls, which should include reviewing the reports and the supporting documentation to ensure the correct source data is reported, management cannot ensure that the reports are complete and accurate.
Recommendations
We recommend the Commission:
• Establish effective internal controls to ensure the reports are accurate and complete
• Ensure that management performs and documents an adequate review of the supporting documentation before submitting reports to the grantor
• Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported
Commission’s Response
The Commission concurs with this finding.
The Commission will implement a system of controls and management review to ensure that data reported to the federal grantor is complete and accurate. In addition, the Commission will confirm with the grantor to determine if revision is necessary.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 328, Financial reporting, states:
Unless otherwise approved by OMB, the Federal awarding agency must solicit only the OMB-approved governmentwide data elements for collection of financial information (at time of publication the Federal Financial Report or such future, OMB-approved, governmentwide data elements available from the OMB-designated standards lead. This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting. The Federal awarding agency must use OMB-approved common information collections, as applicable, when providing financial and performance reporting information.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part:
Programmatic Information Requirements
The following programmatic information will be required in Quarterly Reports.
f. Program(s) Information- HAF participants will provide information on all HAF programs. Programs are new or existing eligible government services or investments funded in whole or in part by HAF funding. For each program, the HAF participant will be required to enter the following information:
• Total Obligations Cumulative to Calendar Quarter end date;
• Total Expenditures Cumulative to Calendar Quarter end date;
g. Expenditures- HAF participants are required to report the HAF assistance expended or spent by the HAF participant. HAF participants will be asked to report expenditures on a cumulative basis at the following levels: the participant-level, program-level, and program design element-level. At the participant-level, HAF participants will be asked to disaggregate expenditures or amounts expended by the categories noted under the Disaggregated Information requirement below.
• The information provided in this section will relate to the HAF Grantee Plan Budget Expenditures broken out by Program Design Element.
h. Obligations- HAF participants are required to report the HAF assistance obligated. HAF participants will be asked to report obligations on a cumulative basis at the participant-level, program-level, and program design element-level. HAF participants will be asked to disaggregate participant-level obligations by the categories noted under the Disaggregated Information requirement below.20
The information provided in this section will relate to the HAF Grantee Plan Budget Obligations broken out by Program Design Element.
2023-025 The Housing Finance Commission did not have adequate internal controls over and did not comply with reporting requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories, and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2023, the Commission spent about $34.7 million in HAF funds. The Commission implemented a pilot program before launching the main HAF program. The Commission contracted with a contractor to help implement the main HAF program and maintain participant data. The Commission is required to submit an annual performance report that provides an overview of its intended and actual uses of funding to-date for the pilot and main HAF programs. The federal grantor identified two key lines items on the report that contained critical information:
1. Socially Disadvantaged Individuals (SDIs) – Quantifiable Objective Criteria: Participants are providing not less than 60 percent of funds to homeowners with income less than 100 percent area median income (AMI) or 100 percent of U.S. median income.
2. AMI – Quantifiable Objective Criteria: Participants target homeowners that are classified as SDI and 100 percent AMI or less.
The HAF Plan, approved by the federal grantor, outlines the budget allocations, goals, and types of assistance for the Washington HAF program. The HAF reporting portal automatically populates each section of the annual report template with information from this plan. The Commission is required to submit a narrative on the status of each section. Commission staff use participant data provided by the contractor to complete the report template. Once completed, Commission management review the report, and then the preparer submits it in the HAF reporting portal.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Commission did not have adequate internal controls over and did not comply with reporting requirements for the HAF program.
The contractor only provided summary-level data to the Commission at the time of reporting. As a result, Commission staff did not have detailed supporting documentation to review to verify that the total amounts in the contractor’s reports were complete and accurate. Additionally, the Commission did not have documented evidence to support that management reviewed the annual report prior to submission.
We reviewed the report submitted on November 9, 2022, that covered the start of the award through September 30, 2022. The report identified 58 SDIs, and we determined the total is actually 87 SDIs (33 percent underreported) for the pilot and main programs combined. We found the Commission did not report SDIs that were identified as “other” in the pilot program.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Commission did not require the contractor to submit detailed support for the total numbers provided for reporting to ensure all categories were included. In addition, the Commission did not ensure adequate management review of the report prior to submission.
Effect of Condition
Without establishing adequate internal controls, which should include reviewing the reports and the detailed supporting documentation to ensure the correct data is reported, management cannot ensure that the reports are complete and accurate.
Recommendations
We recommend the Commission:
• Establish effective internal controls to ensure the reports are accurate and complete
• Ensure that management performs and documents an adequate review of the supporting documentation before submitting reports to the grantor
• Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported
Commission’s Response
The Commission concurs with this finding.
The Commission will implement a system of controls and management review to ensure that data reported to the federal grantor is complete and accurate. In addition, the Commission will confirm with the grantor to determine if revision is necessary.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 328, Financial reporting, states:
Unless otherwise approved by OMB, the Federal awarding agency must solicit only the OMB-approved governmentwide data elements for collection of financial information (at time of publication the Federal Financial Report or such future, OMB-approved, governmentwide data elements available from the OMB-designated standards lead. This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting. The Federal awarding agency must use OMB-approved common information collections, as applicable, when providing financial and performance reporting information.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of the Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part:
Programmatic Information Requirements
HAF participants are required to submit an Annual Performance Report on an annual basis and demonstrate the impact of the HAF-financed programs. Reports should include data related to program outputs and outcomes against the stated objectives of the HAF participant’s HAF Grant Plan.
Performance Goals
HAF participants initially submitted performance goals on the use of HAF awarded funds in their approved Grantee Plan. Each one of the performance goals should have identified how the HAF participant will address homeowner needs and should have been disaggregated by key characteristics such as mortgage type, racial and ethnic demographics, and/or geographic areas, as appropriate. HAF participants will be required to provide a status update and quantitative measures, if applicable, on each of their initial performance goals set forth in their Grantee Plan. Please note, HAF participants will not have the ability to alter their original performance goals noted in their Grantee Plan nor add additional performance goals in the Annual Report.
Methods for Targeting and HAF Funding
HAF participants were asked in their original Grantee Plan to describe how the HAF participant will effectively target HAF award funds to (1) homeowners with incomes equal to or less than 100% of the area median income or equal to or less than 100% of the median income for the United States, whichever is greater; and (2) socially disadvantaged individuals. The description included the HAF participant’s targeting strategies. HAF participants will be required to provide an update on their targeting methods and if they have appropriately executed targeting methods according to their original Grantee Plan.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-026 The Office of Financial Management did not have adequate internal controls over and did not comply with requirements to ensure Coronavirus State and Local Fiscal Recovery Funds were used for only allowable activities.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $300,000,000
Prior Year Audit Finding: Yes, Finding 2022-018
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington has received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury (Department).
Federal law stipulate that states may use SLFRF funds to:
• Support public health expenditures, including COVID-19 prevention and mitigation efforts
• Address negative economic impacts caused by the public health emergency
• Replace lost public sector revenue
• Provide premium pay for essential workers
• Invest in water, sewer, and broadband infrastructure
States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ends on December 31, 2024.
Under the Department’s final rule, SLFRF recipients could use funds to replace lost public sector revenue to provide government services. Recipients could elect a one-time standard allowance of $10 million to spend on the provision of government services during the grant’s period of performance. Alternatively, SLFRF recipients could calculate lost revenue based on a formula established by the Department to determine the amount of SLFRF funds that can be used for the provision of government services. Washington chose to calculate its lost revenue rather than use the standard allowance.
The calculated amount of revenue loss determines the limit of SLFRF funds that recipients can use to provide government services. For reporting purposes on the Schedule of Expenditures of Federal Awards (SEFA), the aggregate expenditures for all eligible use categories must be reported, not the result of the revenue loss calculations or the standard allowance.
Washington received $2.2 billion of its total $4.4 billion SLFRF allocation in May 2022. When received, the funds were accounted for in the state’s Coronavirus State Fiscal Recovery Fund (Fund 706). Washington State Substitute Senate Bill 5165, section 408, included distributions totaling $600 million from Fund 706 to various state transportation-related accounts. According to the Office of Financial Management, these distributions compensated for revenue loss in state fiscal years 2020 and 2021 relative to revenues collected in state fiscal year 2019, and they were to be used to maintain government services. The Office attributed $300 million of this as SLFRF expenditures for transportation-related accounts on the state’s fiscal year 2023 SEFA.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities. The prior finding number was 2022-018.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure SLFRF funds were used for only allowable activities.
While recipients are allowed to use SLFRF funds to replace lost public sector revenues, the state was required to identify actual expenditures that were provided for government services. At the time of audit, the state had not identified such expenditures. Rather, the state asserted that all expenditures in the transportation accounts receiving the SLFRF funds were appropriated for government services, so there was no doubt as to the allowability of the use of funds.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Office management does not agree that federal requirements and the Department’s final rule required the state to separately identify actual expenditures that equal the amount of SLFRF expenditures claimed. It is the Office’s position that all expenditures in the transportation-related accounts were for government services, so the state had sufficient expenditures to meet the grant requirement.
During the last audit, the Office contacted the Department for guidance on the matter. The Department has maintained a FAQ document for the SLFRF program, and the answer to question 13.15, states in part, “recipients should not deviate from their established practices and policies regarding the incurrence of cost, and that they should expend and account for the funds in accordance with laws and procedures for expending and accounting for the recipient’s own funds.” A Department representative acknowledged this FAQ guidance, and said the Department does not have additional, specific requirements about how recipients should internally track their use of SLFRF funds for revenue replacement.
At the time of this audit, the Office had not received the Department’s management decision regarding the prior audit finding.
Effect of Condition and Questioned Costs
Without a population of actual expenditures to audit, we could not design tests to verify that the costs the Office charged to the grant were only for allowable activities, met cost principles, and were incurred during the grant’s period of performance. In our judgment, without identifying the specific expenditures charged to the SLFRF program, the Office did not comply with federal requirements.
Therefore, we are questioning the $300 million in costs that were not supported by specifically identified expenditures for government services. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its federal expenditures.
Recommendations
We recommend the Office:
• Identify the actual government service expenditures that are the basis for the $300 million in SLFRF expenditures recorded on the state’s fiscal year 2023 SEFA
• Review the supporting documentation for the expenditures to ensure they meet compliance requirements for the SLFRF program and are adequately documented, while also documenting the details of this review
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office does not concur with the audit finding.
The state of Washington implemented internal controls and created Fund 706 to track the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) expenditures. Following U.S. Department of Treasury guidance and instructions, the state of Washington determined there was approximately $3 billion in revenue loss. The state, through legislation, approved the transfer of $300 million from the SLFRF account to various state transportation accounts under the revenue loss provision. Each transportation account that received SLFRF funds was established in statute and is for a specific “government service” purpose. Therefore, all payments from those accounts would be considered an actual government service expenditure. The U.S. Treasury FAQ 3.2 states that “Government services generally include any service traditionally provided by a government, unless Treasury has stated otherwise.” We reaffirm that all expenditures from the transportation accounts that received the SLFRF funds were used to maintain government services.
The State Administrative and Accounting Manual requires all state agencies to establish internal controls over payments for goods and services, including ensuring payments are lawful and for proper purposes, reviewing payments to ensure they are supported, as well as documenting the review of all payments. State agencies continued to follow their established internal controls to ensure expenditures from the transportation accounts were proper and allowable. Additionally, the Office followed consistent policies and practices regarding the incurrence of costs in the transportation accounts for both non-SLFRF and SLFRF funds, which complied with federal guidance.
The Office disagrees that the total amount of lost revenue transferred to the transportation accounts should be considered questioned costs because the auditors were unable to design tests for compliance. Questioned costs, if any, could have been identified through appropriate and relevant audit procedures.
The Office continues to work with U.S. Treasury, through the Management Decision process, to ensure no questioned costs are required to be repaid.
Auditor’s Remarks
We believe that the federal requirement is that SLFRF recipients must separately identify actual expenditures that equal the amount of SLFRF expenditures stated on the Schedule of Expenditures of Federal Awards. This is consistent with the State’s practice for recording expenditures for all other federal programs.
Because the Office did not identify specific expenditures for the SLFRF program in the accounting system, we were unable to test SLFRF expenditures from the State’s transportation accounts. The expenditures for the State coded to the Office’s SLFRF account (706) did not include the distributions mentioned by the Office in its response, above, and therefore there was no expenditure activity for our Office to test for compliance.
We reaffirm our finding and will follow-up on the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 302, Financial management, states in part:
The financial management system of each non-Federal entity must provide for the following (see also 200.334, 200.335, 200.336, and 200.337)
1. Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any.
2. Records that identify adequately the source of the application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation
Title 2 CFR Part 200, Uniform Guidance, section 410, Collection of unallowable costs, establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200, Uniform Guidance, section 403, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-027 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $95,560
Prior Year Audit Finding: Yes, Finding 2022-019
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0) and Treasury Rent Assistance Program (TRAP 2.0), in addition to transportation, tourism and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements for monitoring subrecipients to ensure payments were allowable, properly supported and within the period of performance. The prior finding number was 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP and TRAP 2.0 subrecipients.
We used a statistical sampling method to randomly select and review 56 out of 554 payments. Of the payments examined, we identified nine (16 percent) payments that were not allowable under terms and conditions of the subaward. Specifically:
1. Seven payments (13 percent) were for advances to the subrecipient, which are specifically prohibited under the terms and conditions of the Department’s subaward
2. Four payments (7 percent), including one of the payments mentioned above, did not have adequate documentation to ensure the payment was for an allowable activity under the subaward, met cost principles and occurred within the award’s period of performance.
The Department’s invoice review procedure required the Department to verify that each subrecipient submitted, along with its invoice, a voucher detail worksheet that outlines expenses by budget category, and a general ledger report detailing the expenses incurred by the subrecipient during the invoice period. For four of the nine payments referenced above, we found the Department approved them for payment without receiving a general ledger report from the subrecipient detailing all incurred expenses. In one of these instances, we also found the Department advanced program funds to the subrecipient without reviewing supporting documentation from the subrecipient to demonstrate that all expenditures were incurred to support the amount advanced by the Department. We were not provided with any documentation demonstrating these funds were returned to the Department.
We also used a non-statistical sampling method to randomly select and examine nine out of 35 subrecipients for which the Department completed monitoring during the audit period. We determined five of the nine fiscal reviews completed (56 percent) were insufficient to ensure payments to the subrecipients were allowable and adequately supported. We came to this conclusion because the support we were provided lacked enough details to ensure the activities were allowable and within the period of performance. In addition, the Department did not have evidence that it obtained supporting documentation for client files from one of the nine subrecipients we examined.
We also examined program monitoring documentation completed for the same nine subrecipients. The Department only selected five households from each subrecipient for eligibility verification. There was a total of 53,699 households served for ERAP 2.0, and an additional 8,373 households served for TRAP 2.0. Therefore, the Department reviewed less than one-half of one percent of client files for each subrecipient. For these nine subrecipients, we verified that staff reviewed the number of client files that management required under the program. However, in our judgment, the total number of client files reviewed for each subrecipient was inadequate to reasonably ensure compliance with program requirements.
The following table summarizes the percentage of client files the Department reviewed for each subrecipient during the audit period:
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. The Department approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper supporting documentation and only served eligible households. In addition, it issued advance payments to subrecipients despite the subawards explicitly stating this was not allowable.
Management did not ensure program and fiscal monitoring conducted included a sufficient sample of subrecipient records, and required detailed source documentation, to provide reasonable assurance of material compliance with federal SLFRF requirements and the terms and conditions of the subawards.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds advanced to subrecipients were disbursed to eligible households and for allowable activities. As a result, we identified $95,560 in known federal questioned costs and $1,482,489 in likely federal questioned costs.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Update its written procedures to require an adequate number of subrecipient client files to be reviewed during fiscal and program monitoring to provide reasonable assurance that each subrecipient is compliant with program requirements
• Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement
• Request and review supporting documentation from all participating subrecipients on households served with SLFRF funds to determine if any amounts reimbursed to the subrecipients must be returned to the Department
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The State and Local Fiscal Recovery Funds were provided to the state as an advanced payment by which the Department used them to address the immense rent assistance needs as a result of the COVID-19 pandemic. Commerce funded subrecipients up to 25% of their contract total in an effort to mitigate cash flow issues to allow the swift distribution of funding. The Department utilized this method as obtaining documentation and processing reimbursements on a weekly basis still could not provide sufficient funding for all of the rent assistance needs. The Department now acknowledges the advanced payments were not authorized per federal guidance, however, all housing expenses were verified through thorough review of subrecipient expenditure supporting documentation.
The Department completed fiscal and program monitoring of each subrecipient over the contract period, however, neither the Code of Federal Regulations nor the Washington State Auditor’s Office has been able to provide the Department with the number of client files that would need to be reviewed to be considered adequate. The Department created a procedure to review a minimum of five client files per subrecipient and followed this procedure. The Department understands that given the urgent need for assistance and the enormous amount of rent assistance funding distributed, thousands of client files would had to have been reviewed in a short period of time and we could not build and sustain the necessary staff capacity to match the fast-paced program delivery. The Department did increase internal controls related to program monitoring to more accurately comply with federal requirements as a result of the prior audit results.
In July 2022, the Department began to review supporting backup documentation for all expenditures. The Department did not yet understand that transaction level detail was required and its review included a higher level of detail. Since the process was newly implemented in fiscal year 2023, it took some time to work out compliance challenges and provide technical assistance to subrecipients in order to comply with the federal requirements. The Department’s expenditure backup documentation review process began including transaction level detail in fiscal year 2023 as a result of the prior audit results.
Any repayment of questioned costs will be determined through the standard resolution process with the United States Department of Treasury.
Auditor’s Remarks
Federal regulations require pass-through entities to monitor the activities of subrecipients as necessary to ensure that subawards are used for authorized purposes and in compliance with federal requirements and the terms and conditions of the subaward. In our judgement, the Department’s design of monitoring subrecipients for fiscal and program compliance did not provide this level of assurance. Specifically, the Department’s decision to review only five client files per subrecipient did not provide reasonable assurance of each subrecipient’s compliance when the average subrecipient served 1,413 clients, as illustrated in the Description of Condition. Based on this evidence, the Department only reviewed a total of 230 client files during the audit period, which makes up less than 0.4 percent of the total number of clients served.
In addition, the Department’s decision to not review transaction-level supporting documentation at the time of issuing payment to subrecipients means that the monitoring of subrecipients was also being relied upon to ensure all payments made to subrecipients were only for allowable activities under the subaward. In our judgment, the procedures in place requiring only five client files be reviewed for each subrecipient were not sufficient to provide reasonable assurance of material compliance with the requirements for Activities Allowed or Unallowed and Allowable Costs/Cost Principles.
We reaffirm our audit finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting the allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-028 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $75,251,225
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated SLFRF funding to the Department for the purpose of providing assistance to public and private water, sewer, garbage, electric, and natural gas utilities to reduce residential customer account balances that were accrued between March 1, 2020, and December 31, 2021, and were unpaid due to the COVID-19 pandemic and the related economic downturn. The Department’s Energy Division expended more than $101 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the Legislature to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities;
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
• American community survey poverty data; and
• Whether the utility has leveraged other fund sources to reduce customer arrearages.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to monitor subrecipients and to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program.
During the audit period, the Department reimbursed more than $101 million in SLFRF funds to 62 different utilities and community action program subrecipients. Utilities were instructed to submit a request summarizing the outstanding arrearage balance for existing utility customers as of March 31, 2022. We determined the Department did not adequately monitor any of the 62 utilities and community action program subrecipients to ensure that payments issued by the Department were for allowable activities and only eligible households received assistance.
The Department received the arrearage balances and awarded funds to utilities in November 2022. At the time the Department awarded funds, utilities were directed to provide updated balances. Several utilities reported changes to their arrearage balances, and no longer needed awards based on the initial data. These funds were returned to the Department and redistributed to other utilities that had remaining arrearage balances after the initial allotment of funds.
We used a non-statistical sampling method to randomly select and examine 15 out of 94 payments to subrecipients, in addition to seven individually significant payments. Of the payments examined, we found none of the 22 payments had adequate documentation to support the payments were for allowable activities under the subaward, met cost principles, and occurred within the award’s period of performance. The Department did not obtain documentation from the utilities demonstrating when each household arrearage balance was accrued. Therefore, we cannot determine whether the amounts reimbursed to subrecipients were adequately supported, and that the underlying costs were incurred during the period of performance of the subaward.
The Department also did not ensure subawards issued to subrecipient utilities contained accurate information. We randomly selected and examined 12 out of 62 subawards issued during the audit period, including five individually significant subawards, and found all 17 subawards (100 percent) did not include the correct period of performance of the federal SLFRF award. In each instance, the Department communicated to the subrecipient that the period of performance of the subaward should include low-income customer arrearages that were accrued between March 1, 2020, and December 31, 2021. However, the period of performance for the federal award began on March 3, 2021.
In addition, the Legislature required participating utilities to submit reports to the Department by March 1, 2023, documenting how funds were used to support households. We determined the Department did not collect and review these reports from any of its subrecipients, and did not perform any additional fiscal or programmatic monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Division management for the Department did not request reports on households served with program funding from its subrecipients, as the Legislature required. Instead, the Department instructed subrecipients to summarize the number of households that qualified for assistance, and the Department did not request supporting documentation to demonstrate that individual households were eligible to receive assistance and the amounts reimbursed to the subrecipient for each household’s utility arrearage were accurate and adequately supported.
Additionally, the Legislature authorized the Department to expend these funds for activities that partly occurred outside of the period of performance for the federal award.
Effect of Condition and Questioned Costs
We determined the Department did not request and review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal monitoring to ensure that funds paid to subrecipients were disbursed only for eligible households and for allowable activities. As a result, we identified $75,251,225 in known federal questioned costs and $101,433,722 in likely federal questioned costs.
Without establishing adequate internal controls and reviewing required supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Further, by not properly labeling the subawards, the subrecipients may not be aware that federal regulations pertaining to subrecipients apply to their subawards.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Establish internal controls to ensure payments to subrecipients are adequately supported, allowable and only reimburse costs incurred during the period of performance
• Ensure each subaward contains all federally required elements, in accordance with Uniform Guidance, including clearly identifying it as a subaward
• Ensure it collects the household reports from all subrecipients, as required by the Legislative mandate
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The COVID-19 pandemic caused a global economic slowdown and an economic downturn in Washington State, which resulted in layoffs and reduced work hours for a significant percentage of our workforce and reductions in business activity. The pandemic resulted in significant economic impacts on our economy including the threat of utility services being disconnected and late payment fees imposed. Maintaining utility services during the crises was an essential tool in sustaining and protecting the health and welfare of our businesses and citizens.
On February 29, 2020 Proclamation 20-23.2 Ratepayer Assistance and Preservation of Essential Services was signed to protect the availability and affordability of essential utility services for those economically impacted by the COVID-19 pandemic through a variety of measures, including: suspending disconnection of utilities for nonpayment, waiving late fees, working with affected utility customers to establish payment arrangements, and improving access to energy assistance for affected customers. The result of this proclamation compounded customer account balances and generated over $160 million in arrearages for Washington utilities.
ENGROSSED SUBSTITUTE SENATE BILL 5693, Section 128 (199), 2022 Supplemental Operating Budget provided the Legislature appropriate $100 million for public and private water, sewer, garbage, electric and natural gas utilities arrearages. The funding was used by utilities to reduce residential customer accrued arrearages.
As a result of the bill, the Department received specific information from each utility provider expecting that information was appropriate documentation at that time. The Department acknowledges the information obtained did not include the appropriate supporting documentation as required by the Code of Federal Regulations. The Department funded the arrearages for the period of performance allowed in the Senate Bill from March 1, 2020 through December 31, 2021. The Senate Bill approved and provided the incorrect period of performance which may have resulted in unallowable costs of arrearages paid between March 1, 2020 through March 2, 2021. The Department will work with the legislature and Office of Financial Management (OFM) on next steps. OFM has already been notified of this circumstance. The Department will also work with utility providers to obtain detailed supporting documentation to reconcile all arrearages paid to determine and verify the amounts expended. All variances will be reviewed. The Department will work with OFM to determine next steps for the reporting of any variances or deficiencies identified. All deficiencies reported will be used to strengthen internal controls and compliance for future awards.
In 2022, prior to this audit, all Department federal contract templates were updated to identify if the contract recipient type was a contractor or subrecipient. The Department’s use of the term “contractor’ was in reference to the contract, it was not intended to designate the recipient type. The updated templates now remove any confusion of the recipient type.
We thank the Washington State Auditor’s Office for the opportunity to provide a response to the audit finding and provide the steps the Department is actively taking to remediate all deficiencies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 35, Pandemic Relief Programs, section 5, Use of funds, establishes the period of performance for the Coronavirus State and Local Fiscal Recovery Funds and states, in part:
35.5 Use of funds.
(a) In general. A recipient may only use funds for the purposes enumerated in § 35.6 (b) through (f) to cover costs incurred during the period beginning March 3, 2021, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2) and 603(c)(2) of the Social Security Act, as applicable. A recipient may only use funds for the purposes enumerated in § 35.6 (g) through (h) to cover costs incurred during the period beginning December 29, 2022, and ending December 31, 2024, subject to the restrictions set forth in sections 602(c)(2), 602(c)(5)(C), 603(c)(2), and 603(c)(6)(B) of the Social Security Act, as applicable.
(b) Costs incurred. A cost shall be considered to have been incurred for purposes of paragraph (a) of this section if the recipient has incurred an obligation with respect to such cost by December 31, 2024.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
Section 128. FOR THE DEPARTMENT OF COMMERCE
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations;
(1) $100,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.
a. By May 27, 2022, each utility that wishes to participate, must opt-in to the grant program by providing the department the following information:
i. Current arrearage balances for residential customers as of March 31, 2022; and
ii. Available information on arrearage balances of low-income customers, including customers who received assistance from the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs between April 1, 2020, and March 31, 2022, as of March 31, 2022. If a utility does not have access to information regarding customer participation in these programs, the department must distribute funding to the community action program serving the same service area as the utility instead of the utility.
b. In determining the amount of funding each utility may receive, the department must consider:
i. Each participating utility’s portion of the aggregate amount of arrearages among all participating utilities;
ii. Utility service areas that are situated in locations experiencing disproportionate environmental health disparities;
iii. American community survey poverty data; and
iv. Whether the utility has leveraged other fund sources to reduce customer arrearages.
c. The department may retain up to one percent of the funding provided in this subsection to administer the program.
d. Each utility shall disburse funds directly to customer accounts by December 31, 2022. Funding shall only be distributed to customers that have participated in the low-income home energy assistance program, low-income water assistance program, or ratepayer-funded assistance programs.
e. Utilities may, but are not required to, work with other utilities or use community action agencies to administer these funds following the eligibility criteria for the low-income home energy assistance program and the low-income household water assistance program.
f. By March 1, 2023, each utility who opted into the grant program must report to the department, utilities and transportation commission, and state auditor on how the funds were utilized and how many customers were supported.
g. Utilities may account for and recover in rates administrative costs associated with the disbursement of funds provided in this subsection.
2023-029 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Subrecipient Monitoring
Known Questioned Cost Amount: $312,659,850
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program provides direct payments to states to respond to the COVID-19 pandemic and its negative economic effects. Washington received about $4.4 billion of SLFRF funds from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent more than $1.7 billion in SLFRF funds, $344 million of which was spent by the Department of Social and Health Services.
The Department spent more than $332 million to administer financial assistance through the Washington Immigrant Relief Fund to people in Washington who lacked permanent legal status. The purpose of this program was to provide cash grants to residents of Washington who were at least 18 years old and were ineligible to receive federal economic impact payments or unemployment benefits due to their immigration status. The Legislature appropriated $340 million to the Department in SLFRF funding to administer one-time grants to eligible recipients during fiscal year 2023. Under the legislative mandate, the Department could not spend more than 10 percent of the appropriated funds for the administration of the program. In total, the Department paid more than $312 million in cash grants to approved recipients.
According to the legislative mandate, people needed to complete an application and meet the following eligibility requirements to receive a grant:
• The person must live in Washington state.
• The person must be age 18 years, or older.
• After January 1, 2021, and before June 30, 2023, the person must have been significantly affected by the COVID-19 pandemic.
• The person must not be eligible to receive federal economic impact payments or unemployment insurance benefits due to immigration status.
• The person may not receive more than three grants.
The Department was required to prioritize granting payments to people who had the greatest need of assistance. The factors used to prioritize need included:
• People who had a total household income at or below 250 percent of the federal poverty level
• People who were the primary or sole income earner of their household
• People who experienced housing instability
• People who contracted or were at high risk of contracting COVID-19
During the audit period, the Department contracted with a for-profit subrecipient to implement and manage the program. The funds expended in the audit period were the final round of funding for this program. In prior years, there were two other rounds of funding, each of which provided $1,000 cash grants to approved recipients. For the final round of funding, the Department reimbursed the subrecipient for issuing additional grants of $3,075 to 101,678 approved recipients in the form of either a check or prepaid debit card.
Each round of funding was managed by a different subrecipient. To receive a grant, the Department instructed its subrecipients to approve applications for people who met all criteria outlined above, as well as demonstrate the applicants had not yet received the maximum allowable number of three grants. Applicants were allowed to participate in all three rounds of funding, provided they met all eligibility requirements to receive assistance. In total, the same recipient could have received $5,100 in cash grants from the state as part of the Immigrant Relief program.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Some federal awards may be passed through to for-profit entities, who are accountable to the pass-through entity for the use of the federal funds provided. Because for-profit subrecipients are not subject to audit requirements under the Uniform Guidance, Subpart F, the Department is responsible for establishing requirements, as necessary, to ensure the for-profit subrecipient complies with the terms and conditions of its subaward. The agreement with the for-profit subrecipient should describe applicable compliance requirements and the for-profit subrecipient’s compliance responsibility. Methods to ensure for-profit subrecipients’ compliance may include pre-award audits, monitoring the subrecipient during the agreement, and conducting post-award audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF program.
During the audit period, the Department awarded funds to its subrecipient to implement and manage the program, including creating an application platform, determining the eligibility of applicants to receive financial assistance, and distributing Department funds to third-party vendors to facilitate payments to recipients. However, the application developed by the subrecipient and approved by the Department did not address each eligibility criterion established by the Legislature. In addition, the application’s questions were written in a way that a person’s responses could be truthful and make them appear to be eligible for assistance but not meet the criteria of the legislative mandate. Specifically, the application:
• Asked applicants to answer whether they “received a federal stimulus check” or “received unemployment benefits during the pandemic,” without specifically asking if it was due to their immigration status, which was a core eligibility requirement
• Included two scenarios that did not necessarily indicate whether someone had been significantly affected by the COVID-19 pandemic. These scenarios were whether applicants had borrowed money from a friend or relative, and whether they were past due on rent, mortgage payments, utility bills, or had lost their housing.
The Department’s award contract to the subrecipient outlined that for the subrecipient to receive funds for the grant award, it would need to submit a list of all approved applicants when requesting payments. However, the subrecipient was required to redact all personally identifiable information before submitting the list of applicants to the Department. The contract also specified the Department would complete a review of applications to ensure the subrecipient was correctly determining eligibility.
The subrecipient included the list of approved applicants when it submitted invoices to the Department requesting reimbursement for funds rendered to clients. However, these invoices contained only the application identification numbers for approved applicants and their payment amounts. The invoices did not include any information to identify the applicant or support the subrecipient’s eligibility determination. Department officials said the subrecipient maintained all supporting documentation to demonstrate an applicant was eligible. However, because the Department did not request documentation from the subrecipient to support those grant payments to applicants, the Department could not determine if the applicants were eligible and the payments were actually dispersed to them. Ultimately, due to the lack of supporting documentation, we could not determine whether the Department used program funds for allowable activities, or that recipients who received grants met all requirements established by the Legislature.
On four separate occasions, the Department requested the subrecipient to provide 250 beneficiary applications so staff could review them to determine whether the subrecipient correctly determined that applicants were eligible to receive financial assistance. The subrecipient picked the samples each time, and the Department did not receive details about the sampling methodology the subrecipient used to determine the samples. Each batch only included de-identified samples that did not have any personally identifiable information. Therefore, the Department did not have sufficient information to review to ensure all eligibility and prioritization criteria, as outlined in the legislative mandate, were met. In addition, the Department did not retain any of the supporting documentation it did receive from the subrecipient. We determined the Department’s monitoring design for the subrecipient was insufficient to determine whether only eligible applicants received grants, or if all recipients actually existed. Specifically, the Department could not determine whether the recipients:
• Had already applied for and were denied eligibility for unemployment insurance benefits by the state, due to their immigration status
• Were not eligible to receive federal economic impact payments due to their immigration status
• Were residents of Washington state
• Did not already receive the maximum allowable number of grants under the program
• Met the income requirement to be at or below 250 percent of the federal poverty level
Once the application period ended, the subrecipient provided the Department with a list of all approved applicants, which totaled 101,678 people. Although the first two awards given to recipients were $1,000 each, the Department decided it would evenly distribute the remaining funds between everyone who had been approved to receive a grant. Department management said they chose to distribute the remaining funds this way to minimize public concerns about unallocated grants. Based on the total number of applicants and the remaining funds, management in the Department’s Office of Refugee and Immigrant Assistance determined each grant award would be $3,075.
While the Department did perform some fiscal monitoring of the subrecipient’s administrative costs, management chose not to complete any fiscal monitoring of the grant award payments.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department approved the eligibility application that the subrecipient created, but the application did not ensure only eligible applicants were approved because it included criteria that was not in the legislative mandate.
In addition, management wrote the award contract in a way that restricted the subrecipient from providing any personally identifiable information for applicants. Without this information, the Department could not sufficiently monitor the subrecipient to ensure only eligible applicants were approved and received grant funds.
Since the subrecipient was required to retain all supporting documentation, the Department could have performed fiscal monitoring to ensure the grant payments to the subrecipient were distributed only to eligible applicants. However, management said the Department had no plans to do so.
Effect of Condition and Questioned Costs
We determined the Department did not review adequate supporting documentation before paying the subrecipient for applications processed during the audit period. Since the Department did not perform adequate monitoring to ensure that expenditures were for allowable activities, it does not have assurance that the subrecipient spent program funds in accordance with the legislative mandate. As a result, we identified $312,659,850 in known federal questioned costs.
Without establishing adequate internal controls and reviewing detailed supporting documentation from the subrecipient for grant awards, including verifying that only eligible applicants received grant funds, the Department did not reasonably ensure it used federal funds for allowable purposes and that spending occurred within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Perform a sufficient level of subrecipient monitoring that meets federal requirements so the Department can reasonably determine whether its subrecipient only disbursed grant funds to eligible applicants
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department partially concurs with the Auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) administered the fund and contracted with a subrecipient organization to conduct eligibility determinations and to approve and disburse funds to undocumented immigrants.
The final payments went out in early 2023 and the Washington COVID-19 Immigrant Relief Fund is now closed and all subrecipient contracts have ended.
We concur that we should have strengthened our internal controls to have reasonably determined the subrecipient only disbursed grant funds to eligible applicants. ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
In addition, the Office of the Secretary will request the Department’s Internal Audit and Consultation office conduct an internal audit of ORIA to ensure the program implements strong internal controls, properly accounts for federal funds, and materially complies with federal requirements.
The Department does not concur with the questioned costs. The Department used the funds to assist Washington workers/families who were affected by the COVID-19 pandemic but were unable to access federal stimulus programs and other social supports due to their immigration status. Repayment of these funds would only hinder the state’s ability to provide critical services to our clients.
If the grantor contacts the Department regarding the questioned costs, the Department will discuss the manner in which we used the funds with the Department of Health & Human Services and will take additional action if appropriate.
Auditor’s Remarks
We appreciate the Department acknowledging that internal controls need to be strengthened. Regarding the Department not concurring with questioned cost, we determined the Department did not review supporting documentation from the subrecipient to demonstrate that assistance only went to eligible beneficiaries and therefore does not have assurance that federal funds were properly spent.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
State of Washington Engrossed Substitute Senate Bill 5092, 67th Legislature 2021 Regular Session, Operating Budget, states in part:
NEW SECTION. Section 205. FOR THE DEPARTMENT OF SOCIAL AND HEALTH SERVICES – ECONOMIC SERVICES PROGRAM
Coronavirus State Fiscal Recovery Fund – Federal
The appropriations in this section are subject to the following conditions and limitations:
15. $340,000,000 of the coronavirus state fiscal recovery fund – federal appropriation is provided solely for the Washington immigrant relief fund, a disaster assistance program to provide grants to eligible persons. Administrative costs may not exceed 10 percent of the funding in this subsection.
a. A person is eligible for a grant who:
I. Lives in Washington state;
II. Is at least 18 years of age;
III. After January 1, 2021, and before June 30, 2023, has been significantly affected by the coronavirus pandemic, such as loss of employment or significant reduction in work hours, contracting the coronavirus, having to self-quarantine as a result of exposure to the coronavirus, caring for a family member who contracted the coronavirus, or being unable to access childcare for children impacted by school or childcare closures; and
IV. Is not eligible to receive federal economic impact (stimulus) payments or unemployment insurance benefits due to the person’s immigration status.
b. The department may not deny a grant to a person on the basis that another adult in the household is eligible for federal economic impact (stimulus) payments or unemployment benefits or that the person previously received a grant under the program. However, a person may not receive more than three grants.
c. The department’s duty to provide grants is subject to the availability of the amounts specified in this subsection, and the department must prioritize grants to persons who are most in need of financial assistance using factors that include, but are not limited to: (i) Having an income at or below 250 percent of the federal poverty level; (ii) being the primary or sole income earner of household; (iii) experiencing housing instability; and (iv) having contracted or being at high risk of contracting the coronavirus.
The department may contract with one or more entities to administer the program. If the department engages in a competitive contracting process for administration of the program, experience in administering similar programs must be given weight in the selection process to expedite the delivery of benefits to eligible applicants.
2023-030 The Office of Financial Management did not have adequate internal controls over and did not comply with reporting requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-020
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. The program also provides resources to fight the pandemic, address economic impacts, maintain vital public services, and build a strong, resilient, and equitable recovery.
Washington received about $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, Washington spent more than $1.8 billion in federal program funds.
Under the SLFRF program, recipients are required to submit Project and Expenditure Reports during the covered period, which began March 3, 2021, and ends December 31, 2024. Treasury identified the following key line items that contain critical information:
1. Obligations and Expenditures
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
2. Revenue loss calculation validation
3. Capital Expenditures
The Office was responsible for compiling information from state agencies and submitting the reports no later than the last day of the month following the end of each reporting period. The Office was also responsible for calculating and reporting the state’s revenue losses from the pandemic, as well as identifying SLFRF projects with capital expenditures that required written justifications.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program. The prior finding number was 2022-020.
Description of Condition
The Office did not have adequate internal controls over and did not comply with reporting requirements for the SLFRF program.
During the audit period, the Office submitted four quarterly Project and Expenditure Reports:
• Report No. 4 (covering activity from July 1, 2022, through September 30, 2022)
• Report No. 5 (covering activity from October 1, 2022, through December 31, 2022)
• Report No. 6 (covering activity from January 1, 2023, through March 31, 2023)
• Report No. 7 (covering activity from April 1, 2023, through June 30, 2023)
Office staff prepared the reports by collecting and compiling reporting information from each state agency. For all four reports, we found that the Office did not have adequate supporting documentation for amounts reported under current period and cumulative obligations.
We also found the Office did not have adequate internal controls to ensure material compliance with the capital expenditure requirement. We identified 14 out of 95 projects for which the Office did not follow up to determine whether there were capital expenditures incurred. Eight projects had expenditures greater than $1 million during fiscal year 2023, and two of those projects required written justifications. We found the Office did not have the required written justifications for two out of eight (25 percent) projects.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office did not require state agencies to include supporting documentation when they reported their obligations at the end of each reporting period. Instead, the Office relied on self-reporting by agencies without ensuring supporting documentation was provided and retained. In addition, management did not ensure that information provided by agencies was reviewed to ensure the project and expenditure reports are complete, accurate, and adequately supported. In addition, the Office was unable to confirm all information reported for capital expenditures was adequately supported.
Effect of Condition
We focused our review on the obligation and expenditure key line items for the Department of Commerce (Commerce) and Department of Social and Health Services (DSHS). Combined, these two agencies accounted for about 57 percent of total SLFRF expenditures during fiscal year 2023.
We determined that both agencies’ current period and cumulative expenditures were accurate and supported, and any variances were not material to the overall reporting. However, we were unable to confirm whether the supporting documentation for both agencies’ reported obligations accounted for all activity during each reporting period. Therefore, our estimates of overreported and underreported obligations for both agencies in the tables below are based on the agency reports for obligations available at the time of the audit.
Commerce
We found that the current period obligations for Commerce in all four reports did not have adequate supporting documentation.
We also found that cumulative obligations for Commerce in all four reports did not have adequate supporting documentation.
As of the final fiscal year 2023 report, Commerce’s cumulative obligations totaled $985,274,734 and cumulative expenditures totaled $783,360,809. Because Commerce’s expenditures were accurate and supported, we calculated the variance to be the net of the unsupported obligations minus supported expenditures, or $201,913,924 (difference due to rounding).
DSHS
In two reports, we identified reporting variances for current period obligations reported for DSHS, including $7,158,350 in overreported obligations in Report No. 7. DSHS reported $17,781,970 in current obligations for Report No. 7.
We also found that cumulative obligations were underreported by $1,445,556 compared to estimated expected obligations of $363,451,530.
To determine the magnitude of the reporting variances, we totaled the largest current period obligation variance for DSHS with the net unsupported obligations for Commerce. This totaled $209,081,184, or about 11 percent of total SLFRF expenditures during fiscal year 2023. Our determination of the variance is an estimate because documentation necessary to calculate accurate obligation amounts for each reporting period was not available.
By not establishing adequate internal controls, the Office cannot ensure that information reported to the federal grantor is complete and accurate. Without complete supporting documentation for obligations, management is not able to demonstrate that amounts reported to the federal grantor are complete and accurate.
Recommendations
We recommend the Office:
• Establish internal controls to ensure reported obligations are supported by source documentation, which should be retained and available for review
• Improve internal controls to ensure staff continue to follow up with agencies that report incomplete information
• Ensure that management verifies reporting information is adequately supported before certifying and submitting the report
Office’s Response
The Office will continue to communicate to agencies the importance of maintaining adequate source supporting documentation for future project and expenditure reports. Although a complete cumulative obligations report as of the report date was not maintained supporting the project and expenditure report, all obligations are supported by grant agreements, contracts, and purchase orders. Additionally, the Office was able to provide the auditor a current report including all obligations to date which exceeded the cumulative obligations during the reporting period.
The Office continues to improve the reporting template used to collect the required information from agencies and frequently meets with agencies to discuss the reporting requirements to ensure the quarterly Project and Expenditure Reports are complete, accurate, and supported. The Office will continue its review and verification process to ensure information is adequately supported before certifying and submitting the report. As noted in the U.S. Treasury reporting guidance, corrections or any changes to the report need to be reflected in the next Project and Expenditure report. As a result, the supporting documentation for the quarter may not align with the quarterly reports.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Office of Management and Budget, 2 CFR Part 200, Appendix XI, 2023 Compliance Supplement, for Assistance Listing 21.027 Coronavirus State and Local Fiscal Recovery Funds, states in part:
L. Reporting
2. Performance Reporting
Title of Report: Project and Expenditure Report
PRA Number: 1505-0271
Reporting Cycle: Quarterly and Annual
Authoritative Requirement: 2 CFR 200.328 and 31 CFR section 35.4(c) Reporting and requests for other information
Blank Copy of the Report: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Instructions: https://home.treasury.gov/policyissues/coronavirus/assistance-for-state-local-and-tribal-governments/state-andlocal-fiscal-recovery-funds/recipient-compliance-and-reporting-responsibilities – See pages 17 through 34.
Report Corrections: Recipients will have an opportunity to reopen and provide edits to their submitted Project and Expenditure Reports any time before the reporting deadline. Recipients will then be required to re-certify and submit the report again to properly reflect any edits made. After the reporting deadline, unless prompted by Treasury staff, recipients will not be able to edit their submitted report, any changes or revisions will need to be reflected in the next Project and Expenditure report.
The Office of Recovery Program’s (ORP) reporting portal has built-in functionality to reopen a report and allow recipients to make edits after the reporting deadline. However, it is ORP’s policy that recipients may only make revisions if authorized by Treasury staff for a period of up to 60 days after the reporting deadline. After the revision period ends, the report is final. A resubmitted report becomes a recipient’s final report within ORP’s reporting portal. Recipients can generate PDFs of this reports at any time.
Key Line Item(s)- The following line items contain critical information:
1. Obligations and Expenditures- Quantifiable Objective Criteria: Reported obligations and expenditures. (See pages 16 and 17 of the above links.)
a. Current period obligation
b. Cumulative obligation
c. Current period expenditure
d. Cumulative expenditure
Revenue loss calculation validation- Note- Recipients may elect a “standard allowance” of up to $10 million to spend on government services through the period of performance instead of using the full formula specified in the final rule. The standard allowance is available to all recipients. See page 30 for when recipients may modify their revenue loss election. Quantifiable Objective Criteria: Recipient’s application of the revenue loss calculation is accurate if they did not elect the standard allowance. Specific information regarding the revenue loss formula can be found in paragraph (d)(2) of 31 CFR § 35.6 at 31 CFR § 35.6(d)(2)(d)(2).
Capital Expenditures- Quantifiable Objective Criteria: The recipient has the required written justification in their grant file if the total of the capital expenditures costs in a project is greater than or equal to $1 million and less than $10 million; or, the recipient submitted the required justification to Treasury if (1) a project has total capital expenditures costs greater than $10 million for capital expenditures enumerated by Treasury in the final rule; or (2) the total of a project’s capital expenditures costs is greater than $1 million for capital expenditures not enumerated by Treasury in the final rule. Note: Capital expenditures paid for using revenue replacement funds are not subject to this requirement. Tribal governments are not required to complete the written justification. (See 31 CFR section 35.6(b)(4))
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-021
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients.
Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility.
In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider:
• Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities
• Utility service areas that are situated in locations experiencing disproportionate environmental health disparities
• American community survey poverty data
• Whether the utility has leveraged other fund sources to reduce customer arrearages
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients.
During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities.
Effect of Condition
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendations
We recommend the Department:
• Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements
• Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results
Department’s Response
The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements.
The Washington State Legislature issued the following proviso for funding by the Department:
“$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.”
The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements.
The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments.
The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded.
The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified.
Auditor’s Remarks
Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year.
We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce.
The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF.
During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different.
Recommendation
We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract.
Department’s Response
The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested.
The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding.
Auditor’s Remarks
We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-033 The Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it filed all reports required by the Federal Funding Accountability and Transparency Act for the Title I, Part A program.
Assistance Listing Number and Title: 84.010 Title I Grants to Local Educational Agencies
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S010A200047; S010A210047; S010A220047
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Office of Superintendent of Public Instruction administers the Title I Grants to Local Educational Agencies (Title I, Part A) program in Washington. The program provides financial assistance to help improve the teaching and learning of children who are at risk of not meeting challenging academic standards and who reside in areas with high concentrations of children from low-income families.
In fiscal year 2023, the Office spent about $276 million in federal program funds, including about $271 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Office is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Office must report subawards by the end of the month following the month in which it made the subaward. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
All program subawards are issued through both iGrants and the Education Grants Management System. The Office uses these systems to gather all the appropriate data for reporting. There were 503 Title I, Part A subawards eligible for reporting in fiscal year 2023, totaling $276,437,586.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls to ensure it filed all reports required by the Act for the Title I, Part A program.
During the audit period, the Office was required to report 503 subawards, totaling about $276 million of program funds that it awarded to subrecipients. We used a statistical sampling method to randomly select and examine 56 of the 503 subawards and found that two (3.6 percent), totaling $207,833, were not reported within FSRS.
We consider these internal control deficiencies to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
When uploading files into FSRS, records can be rejected from the report due to congressional district errors that occur when ZIP codes in the database do not match what is included in an uploaded report. When records are removed from the upload, they must be manually added back into the report. While manually readding records that were removed, the Office inadvertently missed reporting some subawards.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Office:
• Establish effective internal controls to ensure all required reports are submitted
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
Office’s Response
In response to the audit finding, the Office will:
• Establish effective internal controls to ensure all required reports are submitted. Current cross-checking will always include the Title I, part A program.
• Ensure management monitors reporting of this information monthly to ensure future reports are submitted completely and accurately.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-033 The Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it filed all reports required by the Federal Funding Accountability and Transparency Act for the Title I, Part A program.
Assistance Listing Number and Title: 84.010 Title I Grants to Local Educational Agencies
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S010A200047; S010A210047; S010A220047
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Office of Superintendent of Public Instruction administers the Title I Grants to Local Educational Agencies (Title I, Part A) program in Washington. The program provides financial assistance to help improve the teaching and learning of children who are at risk of not meeting challenging academic standards and who reside in areas with high concentrations of children from low-income families.
In fiscal year 2023, the Office spent about $276 million in federal program funds, including about $271 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Office is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Office must report subawards by the end of the month following the month in which it made the subaward. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
All program subawards are issued through both iGrants and the Education Grants Management System. The Office uses these systems to gather all the appropriate data for reporting. There were 503 Title I, Part A subawards eligible for reporting in fiscal year 2023, totaling $276,437,586.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls to ensure it filed all reports required by the Act for the Title I, Part A program.
During the audit period, the Office was required to report 503 subawards, totaling about $276 million of program funds that it awarded to subrecipients. We used a statistical sampling method to randomly select and examine 56 of the 503 subawards and found that two (3.6 percent), totaling $207,833, were not reported within FSRS.
We consider these internal control deficiencies to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
When uploading files into FSRS, records can be rejected from the report due to congressional district errors that occur when ZIP codes in the database do not match what is included in an uploaded report. When records are removed from the upload, they must be manually added back into the report. While manually readding records that were removed, the Office inadvertently missed reporting some subawards.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Office:
• Establish effective internal controls to ensure all required reports are submitted
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
Office’s Response
In response to the audit finding, the Office will:
• Establish effective internal controls to ensure all required reports are submitted. Current cross-checking will always include the Title I, part A program.
• Ensure management monitors reporting of this information monthly to ensure future reports are submitted completely and accurately.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-037 The Office of Financial Management did not have adequate internal controls over and did not comply with federal level of effort requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS)
84.425W COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief –Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Level of Effort
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S Department of Education awarded ESF grants to the Office of Financial Management (Office), which then dispersed funds to the Office of Superintendent of Public Instruction for pass through to Local Education Agencies (LEAs). During fiscal year 2023, the state spent more than $1.03 billion in ESF federal funding.
The ESF program included a level of effort requirement to ensure states provided a minimum level of funding to LEAs based on prior years. Under the American Rescue Plan Act of 2021,
ESF recipients were required to meet a proportional amount of their state’s support for elementary and secondary education relative to their overall spending, averaged over fiscal years 2017, 2018 and 2019.
In fiscal year 2022, the state did not meet the proportional spending amount for K-12 education, but received a waiver for this requirement after the year had ended.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal level of effort requirements for the ESF program.
The Office did not perform the calculations required to monitor the level of effort requirements for the ESF program during fiscal year 2023. After the year was over, the Office determined that the fiscal year 2023 expenditures did not meet the level of effort requirement.
When compared to overall state spending, the average amount of state spending on elementary and secondary education for fiscal years 2017, 2018 and 2019 totaled 49.35 percent of the state’s budget. The state was required to spend at least this percentage toward education in fiscal year 2023. However, the state only expended 42.99 percent of total state spending on education, meaning the level of effort requirement was not met by about 6.36 percent, or $2,103,004,922.
In fiscal year 2022, the Office submitted a waiver request to the U.S. Department of Education for fiscal years 2022 and 2023. However, the U.S. Department of Education did not approve the waiver for fiscal year 2023.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
In response to the effects of the COVID-19 pandemic, the Legislature approved a 2021-23 state budget that spent proportionally more on social supports like food, rent and medical services than in prior years. Further, some state revenues declined between fiscal years 2020 and 2022 due to restrictions included in the Governor’s pandemic-related emergency proclamations that were intended to slow the spread of COVID-19. These changes, as well as directives to achieve state spending reductions, resulted in not meeting the ESF program’s level of effort requirement because the state budget allocated less funding to elementary and secondary education than the average of the previous three fiscal years.
Effect of Condition
By not establishing adequate internal controls, the Office cannot ensure the state is meeting the federal level of effort requirement for the ESF program. In addition, receiving a waiver from the U.S. Department of Education for this requirement is not guaranteed, and the waiver submitted for 2023 was not approved while the 2022 waiver was. By not complying with federal requirements, the Office risks having to repay federal funds or having future federal funds withheld.
Recommendation
We recommend the Office:
• Consult with the grantor to discuss the pending waiver request and the next steps it should take
• Consult with the appropriate state-level authority to ensure the state maintains the level of effort required to comply with federal law
Office’s Response
The Office of Financial Management (OFM) does not concur with the finding and maintains that there are adequate internal controls in place to ensure compliance with federal requirements.
The finding was based on preliminary information and data that the auditors obtained in November 2023, despite our request to wait until the end of December 2023 when updated data would be available for submission to the Office of Elementary and Secondary Education (OESE).
The updated data we subsequently submitted to OESE was prepared in accordance with OESE guidance on maintenance of effort (MOE) requirements to correctly include every budgeted funding source in the MOE calculations. The updated data demonstrated that the state was successful in meeting MOE requirements for K-12 in FY23, which was the basis for reporting the final FY23 overall State spending data in the spring of 2024 per federal requirements. Because OFM met the MOE requirement for FY23, there is no need for a waiver request.
SAO’s assertion that our Office did not monitor data throughout the period is inaccurate. The Office maintains monthly monitoring details on agency expenditures. The expenditure data has not changed since the close of the fiscal year, but rather was compiled differently for reporting to OESE using the correct methodology prescribed by the grantor.
OFM will also continue to work with the Legislature, which is the state-level authority for state appropriations to ensure the state maintains the maintenance of effort requirements.
Auditor’s Remarks
The Office could not provide us with data required to perform the maintenance of effort calculations when we initially requested it in early November 2023 and confirmed no data had been pulled to determine whether the requirement had been met. While the Office appears to monitor monthly agency expenditure details, this was not done to determine if the state had met the maintenance of effort requirement. We acknowledge that the final report on the maintenance of effort would not be available until spring 2024. However, we will not test this report and only reviewed activities performed during the audit period to determine whether the state met the maintenance of effort requirements.
Once we were provided the necessary data to perform the calculations, it showed that the state did not meet the maintenance of effort requirements as of June 30, 2023. After we completed our testing, the Office notified us that the methodology used to determine what expenditures were allowable to include in the maintenance of effort calculations was updated. We understand the Office updated the methodology that was used when reporting data to the Office of Elementary and Secondary Education (OESE), however this methodology was changed over 6 months after the audit period was over.
We reaffirm our finding and will follow-up on the Office’s corrective actions in the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Coronavirus Response and Relief Supplemental Appropriations Act, 2021 (CRRSA Act) Sec. 317, states in part:
(a) At the time of award funds to carry out sections 312 or 313 of this title, a State shall provide assurances that such State will maintain support for elementary and secondary education (which shall include State funding to institutions of higher educations and state need-based financial aid, and shall not include support for capital projects or for research and development or tuition fees paid by students) in fiscal year 2022 at least at the proportional levels of such State’s support for elementary and secondary educations and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
(b) The Secretary may waive the requirement in subsection (a) for the purpose of relieving the fiscal burdens on State that have been experienced a precipitous decline in financial resources.
The American Rescue Plan Act of 2021, Section 2004. Maintenance of Effort and Maintenance of Equity, states in part:
I. State Maintenance of Effort. –
e. In general.–As a condition of receiving funds under sections 2001, a State shall maintain support for elementary and secondary education, and for higher education (which shall include state funding to institutions of higher education and State need-based financial aid, and shall not include support for capital projects or for research and development or tuition and fees paid by students), in each of fiscal years 2022 and 2023 at least at the proportional levels of such state’s support for elementary and secondary education and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
Waiver.—For the purpose of relieving fiscal burdens incurred by States in preventing, preparing for, and responding to the coronavirus, the Secretary of Education may waive any maintenance of effort requirements associated with the Education Stabilization Fund.
2023-038 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal reporting requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
84.425W COVID-19 American Rescue Plan – Elementary and Secondary Schools Emergency Relief Fund Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425V210012; S425U210015; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, for pass through to Local Education Agencies (LEAs). In fiscal year 2023, the state spent more than $1 billion in ESF federal funding.
The ESF program requires the Office to submit an annual performance report for the ESSER fund, with data on expenditures, planned expenditures, subrecipients, and uses of funds, including for mandatory reservations. Compliance testing of the annual performance report is only required for the following four key line items identified in the 2023 Compliance Supplement (Part 4 – Agency Program Requirements):
- Line 3.b1: LEA expenditures by ESSER subgrant fund, expenditure category and object code
- Line 3.b10: Number of specific positions supported with ESSER Funds
- Line 3.c: Allocation of ESSER funds to schools and criteria used to allocate them
- Line 5.a: Full-time equivalent positions
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal reporting requirements for the ESF program.
We reviewed the Office’s annual ESSER report, and found it did not submit any data related to the four key line items.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office did not have systems in place to collect the necessary data from LEAs to report on the four key line items. As a result, the Office did not collect the data from LEAs necessary to fulfill this requirement.
Effect of Condition
Failing to submit the required information diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Office:
• Establish effective internal controls to ensure that it collects the data necessary to submit the annual ESSER report
• Consult with the federal grantor to determine if it is necessary to revise and resubmit the report
Office’s Response
OSPI acknowledges that certain data reporting elements in the ESSER report were not submitted. We reject the notion that this was due to lack of internal controls. Instead, the absence of data was a result of several factors, including but not limited to the timing of the publishing of the final federal reporting template, and the span of time for which we were reporting costs. The final reporting template for this information was published after several revisions after the time frame in which we would have needed to communicate with districts the specific level of detail at which costs would need to be captured for this purpose. Since the time frame for reporting costs did not align with the school district fiscal year, there was no reasonable way that OSPI could have used annual financial reporting for an approximation of expenditures. OSPI was not comfortable in making broad statewide assumptions across multiple cost categories to report at a district-by-district level with a high degree of accuracy. In lieu or reporting information that based on state level assumptions that likely would have conflicted with actual school district level expenditures, OSPI made the decision to leave certain sections of the cost report blank.
In order to not have blank fields on future federal ESSER reporting, OSPI is organizing a series of webinars and trainings for districts so that they are prepared to report this information directly to OSPI for future federal reporting periods. Through these webinars, OSPI’s fiscal team can answer questions and assist districts with this reporting to ensure it is timely, accurate, and tells the district story instead of a statewide assumption of the district story.
We have been in ongoing conversation with ED regarding our federal reporting on ESSER funds. At this time, there is no indication that they will request that the information be reporting by districts and then resubmitted to the Feds. We have communicated our challenges, concerns, and proposed resolution to them regarding this issue. We do not have any specific outstanding data requests due to the feds on this issue, and we do not plan on resubmitting.
Auditor’s Remarks
We appreciate the Office’s commitment to resolving these issues. We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-037 The Office of Financial Management did not have adequate internal controls over and did not comply with federal level of effort requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS)
84.425W COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief –Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Level of Effort
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S Department of Education awarded ESF grants to the Office of Financial Management (Office), which then dispersed funds to the Office of Superintendent of Public Instruction for pass through to Local Education Agencies (LEAs). During fiscal year 2023, the state spent more than $1.03 billion in ESF federal funding.
The ESF program included a level of effort requirement to ensure states provided a minimum level of funding to LEAs based on prior years. Under the American Rescue Plan Act of 2021,
ESF recipients were required to meet a proportional amount of their state’s support for elementary and secondary education relative to their overall spending, averaged over fiscal years 2017, 2018 and 2019.
In fiscal year 2022, the state did not meet the proportional spending amount for K-12 education, but received a waiver for this requirement after the year had ended.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal level of effort requirements for the ESF program.
The Office did not perform the calculations required to monitor the level of effort requirements for the ESF program during fiscal year 2023. After the year was over, the Office determined that the fiscal year 2023 expenditures did not meet the level of effort requirement.
When compared to overall state spending, the average amount of state spending on elementary and secondary education for fiscal years 2017, 2018 and 2019 totaled 49.35 percent of the state’s budget. The state was required to spend at least this percentage toward education in fiscal year 2023. However, the state only expended 42.99 percent of total state spending on education, meaning the level of effort requirement was not met by about 6.36 percent, or $2,103,004,922.
In fiscal year 2022, the Office submitted a waiver request to the U.S. Department of Education for fiscal years 2022 and 2023. However, the U.S. Department of Education did not approve the waiver for fiscal year 2023.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
In response to the effects of the COVID-19 pandemic, the Legislature approved a 2021-23 state budget that spent proportionally more on social supports like food, rent and medical services than in prior years. Further, some state revenues declined between fiscal years 2020 and 2022 due to restrictions included in the Governor’s pandemic-related emergency proclamations that were intended to slow the spread of COVID-19. These changes, as well as directives to achieve state spending reductions, resulted in not meeting the ESF program’s level of effort requirement because the state budget allocated less funding to elementary and secondary education than the average of the previous three fiscal years.
Effect of Condition
By not establishing adequate internal controls, the Office cannot ensure the state is meeting the federal level of effort requirement for the ESF program. In addition, receiving a waiver from the U.S. Department of Education for this requirement is not guaranteed, and the waiver submitted for 2023 was not approved while the 2022 waiver was. By not complying with federal requirements, the Office risks having to repay federal funds or having future federal funds withheld.
Recommendation
We recommend the Office:
• Consult with the grantor to discuss the pending waiver request and the next steps it should take
• Consult with the appropriate state-level authority to ensure the state maintains the level of effort required to comply with federal law
Office’s Response
The Office of Financial Management (OFM) does not concur with the finding and maintains that there are adequate internal controls in place to ensure compliance with federal requirements.
The finding was based on preliminary information and data that the auditors obtained in November 2023, despite our request to wait until the end of December 2023 when updated data would be available for submission to the Office of Elementary and Secondary Education (OESE).
The updated data we subsequently submitted to OESE was prepared in accordance with OESE guidance on maintenance of effort (MOE) requirements to correctly include every budgeted funding source in the MOE calculations. The updated data demonstrated that the state was successful in meeting MOE requirements for K-12 in FY23, which was the basis for reporting the final FY23 overall State spending data in the spring of 2024 per federal requirements. Because OFM met the MOE requirement for FY23, there is no need for a waiver request.
SAO’s assertion that our Office did not monitor data throughout the period is inaccurate. The Office maintains monthly monitoring details on agency expenditures. The expenditure data has not changed since the close of the fiscal year, but rather was compiled differently for reporting to OESE using the correct methodology prescribed by the grantor.
OFM will also continue to work with the Legislature, which is the state-level authority for state appropriations to ensure the state maintains the maintenance of effort requirements.
Auditor’s Remarks
The Office could not provide us with data required to perform the maintenance of effort calculations when we initially requested it in early November 2023 and confirmed no data had been pulled to determine whether the requirement had been met. While the Office appears to monitor monthly agency expenditure details, this was not done to determine if the state had met the maintenance of effort requirement. We acknowledge that the final report on the maintenance of effort would not be available until spring 2024. However, we will not test this report and only reviewed activities performed during the audit period to determine whether the state met the maintenance of effort requirements.
Once we were provided the necessary data to perform the calculations, it showed that the state did not meet the maintenance of effort requirements as of June 30, 2023. After we completed our testing, the Office notified us that the methodology used to determine what expenditures were allowable to include in the maintenance of effort calculations was updated. We understand the Office updated the methodology that was used when reporting data to the Office of Elementary and Secondary Education (OESE), however this methodology was changed over 6 months after the audit period was over.
We reaffirm our finding and will follow-up on the Office’s corrective actions in the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Coronavirus Response and Relief Supplemental Appropriations Act, 2021 (CRRSA Act) Sec. 317, states in part:
(a) At the time of award funds to carry out sections 312 or 313 of this title, a State shall provide assurances that such State will maintain support for elementary and secondary education (which shall include State funding to institutions of higher educations and state need-based financial aid, and shall not include support for capital projects or for research and development or tuition fees paid by students) in fiscal year 2022 at least at the proportional levels of such State’s support for elementary and secondary educations and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
(b) The Secretary may waive the requirement in subsection (a) for the purpose of relieving the fiscal burdens on State that have been experienced a precipitous decline in financial resources.
The American Rescue Plan Act of 2021, Section 2004. Maintenance of Effort and Maintenance of Equity, states in part:
I. State Maintenance of Effort. –
e. In general.–As a condition of receiving funds under sections 2001, a State shall maintain support for elementary and secondary education, and for higher education (which shall include state funding to institutions of higher education and State need-based financial aid, and shall not include support for capital projects or for research and development or tuition and fees paid by students), in each of fiscal years 2022 and 2023 at least at the proportional levels of such state’s support for elementary and secondary education and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
Waiver.—For the purpose of relieving fiscal burdens incurred by States in preventing, preparing for, and responding to the coronavirus, the Secretary of Education may waive any maintenance of effort requirements associated with the Education Stabilization Fund.
2023-038 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal reporting requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
84.425W COVID-19 American Rescue Plan – Elementary and Secondary Schools Emergency Relief Fund Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425V210012; S425U210015; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, for pass through to Local Education Agencies (LEAs). In fiscal year 2023, the state spent more than $1 billion in ESF federal funding.
The ESF program requires the Office to submit an annual performance report for the ESSER fund, with data on expenditures, planned expenditures, subrecipients, and uses of funds, including for mandatory reservations. Compliance testing of the annual performance report is only required for the following four key line items identified in the 2023 Compliance Supplement (Part 4 – Agency Program Requirements):
- Line 3.b1: LEA expenditures by ESSER subgrant fund, expenditure category and object code
- Line 3.b10: Number of specific positions supported with ESSER Funds
- Line 3.c: Allocation of ESSER funds to schools and criteria used to allocate them
- Line 5.a: Full-time equivalent positions
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal reporting requirements for the ESF program.
We reviewed the Office’s annual ESSER report, and found it did not submit any data related to the four key line items.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office did not have systems in place to collect the necessary data from LEAs to report on the four key line items. As a result, the Office did not collect the data from LEAs necessary to fulfill this requirement.
Effect of Condition
Failing to submit the required information diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Office:
• Establish effective internal controls to ensure that it collects the data necessary to submit the annual ESSER report
• Consult with the federal grantor to determine if it is necessary to revise and resubmit the report
Office’s Response
OSPI acknowledges that certain data reporting elements in the ESSER report were not submitted. We reject the notion that this was due to lack of internal controls. Instead, the absence of data was a result of several factors, including but not limited to the timing of the publishing of the final federal reporting template, and the span of time for which we were reporting costs. The final reporting template for this information was published after several revisions after the time frame in which we would have needed to communicate with districts the specific level of detail at which costs would need to be captured for this purpose. Since the time frame for reporting costs did not align with the school district fiscal year, there was no reasonable way that OSPI could have used annual financial reporting for an approximation of expenditures. OSPI was not comfortable in making broad statewide assumptions across multiple cost categories to report at a district-by-district level with a high degree of accuracy. In lieu or reporting information that based on state level assumptions that likely would have conflicted with actual school district level expenditures, OSPI made the decision to leave certain sections of the cost report blank.
In order to not have blank fields on future federal ESSER reporting, OSPI is organizing a series of webinars and trainings for districts so that they are prepared to report this information directly to OSPI for future federal reporting periods. Through these webinars, OSPI’s fiscal team can answer questions and assist districts with this reporting to ensure it is timely, accurate, and tells the district story instead of a statewide assumption of the district story.
We have been in ongoing conversation with ED regarding our federal reporting on ESSER funds. At this time, there is no indication that they will request that the information be reporting by districts and then resubmitted to the Feds. We have communicated our challenges, concerns, and proposed resolution to them regarding this issue. We do not have any specific outstanding data requests due to the feds on this issue, and we do not plan on resubmitting.
Auditor’s Remarks
We appreciate the Office’s commitment to resolving these issues. We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-037 The Office of Financial Management did not have adequate internal controls over and did not comply with federal level of effort requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS)
84.425W COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief –Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Level of Effort
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S Department of Education awarded ESF grants to the Office of Financial Management (Office), which then dispersed funds to the Office of Superintendent of Public Instruction for pass through to Local Education Agencies (LEAs). During fiscal year 2023, the state spent more than $1.03 billion in ESF federal funding.
The ESF program included a level of effort requirement to ensure states provided a minimum level of funding to LEAs based on prior years. Under the American Rescue Plan Act of 2021,
ESF recipients were required to meet a proportional amount of their state’s support for elementary and secondary education relative to their overall spending, averaged over fiscal years 2017, 2018 and 2019.
In fiscal year 2022, the state did not meet the proportional spending amount for K-12 education, but received a waiver for this requirement after the year had ended.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal level of effort requirements for the ESF program.
The Office did not perform the calculations required to monitor the level of effort requirements for the ESF program during fiscal year 2023. After the year was over, the Office determined that the fiscal year 2023 expenditures did not meet the level of effort requirement.
When compared to overall state spending, the average amount of state spending on elementary and secondary education for fiscal years 2017, 2018 and 2019 totaled 49.35 percent of the state’s budget. The state was required to spend at least this percentage toward education in fiscal year 2023. However, the state only expended 42.99 percent of total state spending on education, meaning the level of effort requirement was not met by about 6.36 percent, or $2,103,004,922.
In fiscal year 2022, the Office submitted a waiver request to the U.S. Department of Education for fiscal years 2022 and 2023. However, the U.S. Department of Education did not approve the waiver for fiscal year 2023.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
In response to the effects of the COVID-19 pandemic, the Legislature approved a 2021-23 state budget that spent proportionally more on social supports like food, rent and medical services than in prior years. Further, some state revenues declined between fiscal years 2020 and 2022 due to restrictions included in the Governor’s pandemic-related emergency proclamations that were intended to slow the spread of COVID-19. These changes, as well as directives to achieve state spending reductions, resulted in not meeting the ESF program’s level of effort requirement because the state budget allocated less funding to elementary and secondary education than the average of the previous three fiscal years.
Effect of Condition
By not establishing adequate internal controls, the Office cannot ensure the state is meeting the federal level of effort requirement for the ESF program. In addition, receiving a waiver from the U.S. Department of Education for this requirement is not guaranteed, and the waiver submitted for 2023 was not approved while the 2022 waiver was. By not complying with federal requirements, the Office risks having to repay federal funds or having future federal funds withheld.
Recommendation
We recommend the Office:
• Consult with the grantor to discuss the pending waiver request and the next steps it should take
• Consult with the appropriate state-level authority to ensure the state maintains the level of effort required to comply with federal law
Office’s Response
The Office of Financial Management (OFM) does not concur with the finding and maintains that there are adequate internal controls in place to ensure compliance with federal requirements.
The finding was based on preliminary information and data that the auditors obtained in November 2023, despite our request to wait until the end of December 2023 when updated data would be available for submission to the Office of Elementary and Secondary Education (OESE).
The updated data we subsequently submitted to OESE was prepared in accordance with OESE guidance on maintenance of effort (MOE) requirements to correctly include every budgeted funding source in the MOE calculations. The updated data demonstrated that the state was successful in meeting MOE requirements for K-12 in FY23, which was the basis for reporting the final FY23 overall State spending data in the spring of 2024 per federal requirements. Because OFM met the MOE requirement for FY23, there is no need for a waiver request.
SAO’s assertion that our Office did not monitor data throughout the period is inaccurate. The Office maintains monthly monitoring details on agency expenditures. The expenditure data has not changed since the close of the fiscal year, but rather was compiled differently for reporting to OESE using the correct methodology prescribed by the grantor.
OFM will also continue to work with the Legislature, which is the state-level authority for state appropriations to ensure the state maintains the maintenance of effort requirements.
Auditor’s Remarks
The Office could not provide us with data required to perform the maintenance of effort calculations when we initially requested it in early November 2023 and confirmed no data had been pulled to determine whether the requirement had been met. While the Office appears to monitor monthly agency expenditure details, this was not done to determine if the state had met the maintenance of effort requirement. We acknowledge that the final report on the maintenance of effort would not be available until spring 2024. However, we will not test this report and only reviewed activities performed during the audit period to determine whether the state met the maintenance of effort requirements.
Once we were provided the necessary data to perform the calculations, it showed that the state did not meet the maintenance of effort requirements as of June 30, 2023. After we completed our testing, the Office notified us that the methodology used to determine what expenditures were allowable to include in the maintenance of effort calculations was updated. We understand the Office updated the methodology that was used when reporting data to the Office of Elementary and Secondary Education (OESE), however this methodology was changed over 6 months after the audit period was over.
We reaffirm our finding and will follow-up on the Office’s corrective actions in the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Coronavirus Response and Relief Supplemental Appropriations Act, 2021 (CRRSA Act) Sec. 317, states in part:
(a) At the time of award funds to carry out sections 312 or 313 of this title, a State shall provide assurances that such State will maintain support for elementary and secondary education (which shall include State funding to institutions of higher educations and state need-based financial aid, and shall not include support for capital projects or for research and development or tuition fees paid by students) in fiscal year 2022 at least at the proportional levels of such State’s support for elementary and secondary educations and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
(b) The Secretary may waive the requirement in subsection (a) for the purpose of relieving the fiscal burdens on State that have been experienced a precipitous decline in financial resources.
The American Rescue Plan Act of 2021, Section 2004. Maintenance of Effort and Maintenance of Equity, states in part:
I. State Maintenance of Effort. –
e. In general.–As a condition of receiving funds under sections 2001, a State shall maintain support for elementary and secondary education, and for higher education (which shall include state funding to institutions of higher education and State need-based financial aid, and shall not include support for capital projects or for research and development or tuition and fees paid by students), in each of fiscal years 2022 and 2023 at least at the proportional levels of such state’s support for elementary and secondary education and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
Waiver.—For the purpose of relieving fiscal burdens incurred by States in preventing, preparing for, and responding to the coronavirus, the Secretary of Education may waive any maintenance of effort requirements associated with the Education Stabilization Fund.
2023-038 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal reporting requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
84.425W COVID-19 American Rescue Plan – Elementary and Secondary Schools Emergency Relief Fund Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425V210012; S425U210015; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, for pass through to Local Education Agencies (LEAs). In fiscal year 2023, the state spent more than $1 billion in ESF federal funding.
The ESF program requires the Office to submit an annual performance report for the ESSER fund, with data on expenditures, planned expenditures, subrecipients, and uses of funds, including for mandatory reservations. Compliance testing of the annual performance report is only required for the following four key line items identified in the 2023 Compliance Supplement (Part 4 – Agency Program Requirements):
- Line 3.b1: LEA expenditures by ESSER subgrant fund, expenditure category and object code
- Line 3.b10: Number of specific positions supported with ESSER Funds
- Line 3.c: Allocation of ESSER funds to schools and criteria used to allocate them
- Line 5.a: Full-time equivalent positions
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal reporting requirements for the ESF program.
We reviewed the Office’s annual ESSER report, and found it did not submit any data related to the four key line items.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office did not have systems in place to collect the necessary data from LEAs to report on the four key line items. As a result, the Office did not collect the data from LEAs necessary to fulfill this requirement.
Effect of Condition
Failing to submit the required information diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Office:
• Establish effective internal controls to ensure that it collects the data necessary to submit the annual ESSER report
• Consult with the federal grantor to determine if it is necessary to revise and resubmit the report
Office’s Response
OSPI acknowledges that certain data reporting elements in the ESSER report were not submitted. We reject the notion that this was due to lack of internal controls. Instead, the absence of data was a result of several factors, including but not limited to the timing of the publishing of the final federal reporting template, and the span of time for which we were reporting costs. The final reporting template for this information was published after several revisions after the time frame in which we would have needed to communicate with districts the specific level of detail at which costs would need to be captured for this purpose. Since the time frame for reporting costs did not align with the school district fiscal year, there was no reasonable way that OSPI could have used annual financial reporting for an approximation of expenditures. OSPI was not comfortable in making broad statewide assumptions across multiple cost categories to report at a district-by-district level with a high degree of accuracy. In lieu or reporting information that based on state level assumptions that likely would have conflicted with actual school district level expenditures, OSPI made the decision to leave certain sections of the cost report blank.
In order to not have blank fields on future federal ESSER reporting, OSPI is organizing a series of webinars and trainings for districts so that they are prepared to report this information directly to OSPI for future federal reporting periods. Through these webinars, OSPI’s fiscal team can answer questions and assist districts with this reporting to ensure it is timely, accurate, and tells the district story instead of a statewide assumption of the district story.
We have been in ongoing conversation with ED regarding our federal reporting on ESSER funds. At this time, there is no indication that they will request that the information be reporting by districts and then resubmitted to the Feds. We have communicated our challenges, concerns, and proposed resolution to them regarding this issue. We do not have any specific outstanding data requests due to the feds on this issue, and we do not plan on resubmitting.
Auditor’s Remarks
We appreciate the Office’s commitment to resolving these issues. We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-037 The Office of Financial Management did not have adequate internal controls over and did not comply with federal level of effort requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS)
84.425W COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief –Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Level of Effort
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S Department of Education awarded ESF grants to the Office of Financial Management (Office), which then dispersed funds to the Office of Superintendent of Public Instruction for pass through to Local Education Agencies (LEAs). During fiscal year 2023, the state spent more than $1.03 billion in ESF federal funding.
The ESF program included a level of effort requirement to ensure states provided a minimum level of funding to LEAs based on prior years. Under the American Rescue Plan Act of 2021,
ESF recipients were required to meet a proportional amount of their state’s support for elementary and secondary education relative to their overall spending, averaged over fiscal years 2017, 2018 and 2019.
In fiscal year 2022, the state did not meet the proportional spending amount for K-12 education, but received a waiver for this requirement after the year had ended.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal level of effort requirements for the ESF program.
The Office did not perform the calculations required to monitor the level of effort requirements for the ESF program during fiscal year 2023. After the year was over, the Office determined that the fiscal year 2023 expenditures did not meet the level of effort requirement.
When compared to overall state spending, the average amount of state spending on elementary and secondary education for fiscal years 2017, 2018 and 2019 totaled 49.35 percent of the state’s budget. The state was required to spend at least this percentage toward education in fiscal year 2023. However, the state only expended 42.99 percent of total state spending on education, meaning the level of effort requirement was not met by about 6.36 percent, or $2,103,004,922.
In fiscal year 2022, the Office submitted a waiver request to the U.S. Department of Education for fiscal years 2022 and 2023. However, the U.S. Department of Education did not approve the waiver for fiscal year 2023.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
In response to the effects of the COVID-19 pandemic, the Legislature approved a 2021-23 state budget that spent proportionally more on social supports like food, rent and medical services than in prior years. Further, some state revenues declined between fiscal years 2020 and 2022 due to restrictions included in the Governor’s pandemic-related emergency proclamations that were intended to slow the spread of COVID-19. These changes, as well as directives to achieve state spending reductions, resulted in not meeting the ESF program’s level of effort requirement because the state budget allocated less funding to elementary and secondary education than the average of the previous three fiscal years.
Effect of Condition
By not establishing adequate internal controls, the Office cannot ensure the state is meeting the federal level of effort requirement for the ESF program. In addition, receiving a waiver from the U.S. Department of Education for this requirement is not guaranteed, and the waiver submitted for 2023 was not approved while the 2022 waiver was. By not complying with federal requirements, the Office risks having to repay federal funds or having future federal funds withheld.
Recommendation
We recommend the Office:
• Consult with the grantor to discuss the pending waiver request and the next steps it should take
• Consult with the appropriate state-level authority to ensure the state maintains the level of effort required to comply with federal law
Office’s Response
The Office of Financial Management (OFM) does not concur with the finding and maintains that there are adequate internal controls in place to ensure compliance with federal requirements.
The finding was based on preliminary information and data that the auditors obtained in November 2023, despite our request to wait until the end of December 2023 when updated data would be available for submission to the Office of Elementary and Secondary Education (OESE).
The updated data we subsequently submitted to OESE was prepared in accordance with OESE guidance on maintenance of effort (MOE) requirements to correctly include every budgeted funding source in the MOE calculations. The updated data demonstrated that the state was successful in meeting MOE requirements for K-12 in FY23, which was the basis for reporting the final FY23 overall State spending data in the spring of 2024 per federal requirements. Because OFM met the MOE requirement for FY23, there is no need for a waiver request.
SAO’s assertion that our Office did not monitor data throughout the period is inaccurate. The Office maintains monthly monitoring details on agency expenditures. The expenditure data has not changed since the close of the fiscal year, but rather was compiled differently for reporting to OESE using the correct methodology prescribed by the grantor.
OFM will also continue to work with the Legislature, which is the state-level authority for state appropriations to ensure the state maintains the maintenance of effort requirements.
Auditor’s Remarks
The Office could not provide us with data required to perform the maintenance of effort calculations when we initially requested it in early November 2023 and confirmed no data had been pulled to determine whether the requirement had been met. While the Office appears to monitor monthly agency expenditure details, this was not done to determine if the state had met the maintenance of effort requirement. We acknowledge that the final report on the maintenance of effort would not be available until spring 2024. However, we will not test this report and only reviewed activities performed during the audit period to determine whether the state met the maintenance of effort requirements.
Once we were provided the necessary data to perform the calculations, it showed that the state did not meet the maintenance of effort requirements as of June 30, 2023. After we completed our testing, the Office notified us that the methodology used to determine what expenditures were allowable to include in the maintenance of effort calculations was updated. We understand the Office updated the methodology that was used when reporting data to the Office of Elementary and Secondary Education (OESE), however this methodology was changed over 6 months after the audit period was over.
We reaffirm our finding and will follow-up on the Office’s corrective actions in the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Coronavirus Response and Relief Supplemental Appropriations Act, 2021 (CRRSA Act) Sec. 317, states in part:
(a) At the time of award funds to carry out sections 312 or 313 of this title, a State shall provide assurances that such State will maintain support for elementary and secondary education (which shall include State funding to institutions of higher educations and state need-based financial aid, and shall not include support for capital projects or for research and development or tuition fees paid by students) in fiscal year 2022 at least at the proportional levels of such State’s support for elementary and secondary educations and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
(b) The Secretary may waive the requirement in subsection (a) for the purpose of relieving the fiscal burdens on State that have been experienced a precipitous decline in financial resources.
The American Rescue Plan Act of 2021, Section 2004. Maintenance of Effort and Maintenance of Equity, states in part:
I. State Maintenance of Effort. –
e. In general.–As a condition of receiving funds under sections 2001, a State shall maintain support for elementary and secondary education, and for higher education (which shall include state funding to institutions of higher education and State need-based financial aid, and shall not include support for capital projects or for research and development or tuition and fees paid by students), in each of fiscal years 2022 and 2023 at least at the proportional levels of such state’s support for elementary and secondary education and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
Waiver.—For the purpose of relieving fiscal burdens incurred by States in preventing, preparing for, and responding to the coronavirus, the Secretary of Education may waive any maintenance of effort requirements associated with the Education Stabilization Fund.
2023-038 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal reporting requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
84.425W COVID-19 American Rescue Plan – Elementary and Secondary Schools Emergency Relief Fund Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425V210012; S425U210015; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, for pass through to Local Education Agencies (LEAs). In fiscal year 2023, the state spent more than $1 billion in ESF federal funding.
The ESF program requires the Office to submit an annual performance report for the ESSER fund, with data on expenditures, planned expenditures, subrecipients, and uses of funds, including for mandatory reservations. Compliance testing of the annual performance report is only required for the following four key line items identified in the 2023 Compliance Supplement (Part 4 – Agency Program Requirements):
- Line 3.b1: LEA expenditures by ESSER subgrant fund, expenditure category and object code
- Line 3.b10: Number of specific positions supported with ESSER Funds
- Line 3.c: Allocation of ESSER funds to schools and criteria used to allocate them
- Line 5.a: Full-time equivalent positions
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal reporting requirements for the ESF program.
We reviewed the Office’s annual ESSER report, and found it did not submit any data related to the four key line items.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office did not have systems in place to collect the necessary data from LEAs to report on the four key line items. As a result, the Office did not collect the data from LEAs necessary to fulfill this requirement.
Effect of Condition
Failing to submit the required information diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Office:
• Establish effective internal controls to ensure that it collects the data necessary to submit the annual ESSER report
• Consult with the federal grantor to determine if it is necessary to revise and resubmit the report
Office’s Response
OSPI acknowledges that certain data reporting elements in the ESSER report were not submitted. We reject the notion that this was due to lack of internal controls. Instead, the absence of data was a result of several factors, including but not limited to the timing of the publishing of the final federal reporting template, and the span of time for which we were reporting costs. The final reporting template for this information was published after several revisions after the time frame in which we would have needed to communicate with districts the specific level of detail at which costs would need to be captured for this purpose. Since the time frame for reporting costs did not align with the school district fiscal year, there was no reasonable way that OSPI could have used annual financial reporting for an approximation of expenditures. OSPI was not comfortable in making broad statewide assumptions across multiple cost categories to report at a district-by-district level with a high degree of accuracy. In lieu or reporting information that based on state level assumptions that likely would have conflicted with actual school district level expenditures, OSPI made the decision to leave certain sections of the cost report blank.
In order to not have blank fields on future federal ESSER reporting, OSPI is organizing a series of webinars and trainings for districts so that they are prepared to report this information directly to OSPI for future federal reporting periods. Through these webinars, OSPI’s fiscal team can answer questions and assist districts with this reporting to ensure it is timely, accurate, and tells the district story instead of a statewide assumption of the district story.
We have been in ongoing conversation with ED regarding our federal reporting on ESSER funds. At this time, there is no indication that they will request that the information be reporting by districts and then resubmitted to the Feds. We have communicated our challenges, concerns, and proposed resolution to them regarding this issue. We do not have any specific outstanding data requests due to the feds on this issue, and we do not plan on resubmitting.
Auditor’s Remarks
We appreciate the Office’s commitment to resolving these issues. We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-037 The Office of Financial Management did not have adequate internal controls over and did not comply with federal level of effort requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS)
84.425W COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief –Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Level of Effort
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S Department of Education awarded ESF grants to the Office of Financial Management (Office), which then dispersed funds to the Office of Superintendent of Public Instruction for pass through to Local Education Agencies (LEAs). During fiscal year 2023, the state spent more than $1.03 billion in ESF federal funding.
The ESF program included a level of effort requirement to ensure states provided a minimum level of funding to LEAs based on prior years. Under the American Rescue Plan Act of 2021,
ESF recipients were required to meet a proportional amount of their state’s support for elementary and secondary education relative to their overall spending, averaged over fiscal years 2017, 2018 and 2019.
In fiscal year 2022, the state did not meet the proportional spending amount for K-12 education, but received a waiver for this requirement after the year had ended.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal level of effort requirements for the ESF program.
The Office did not perform the calculations required to monitor the level of effort requirements for the ESF program during fiscal year 2023. After the year was over, the Office determined that the fiscal year 2023 expenditures did not meet the level of effort requirement.
When compared to overall state spending, the average amount of state spending on elementary and secondary education for fiscal years 2017, 2018 and 2019 totaled 49.35 percent of the state’s budget. The state was required to spend at least this percentage toward education in fiscal year 2023. However, the state only expended 42.99 percent of total state spending on education, meaning the level of effort requirement was not met by about 6.36 percent, or $2,103,004,922.
In fiscal year 2022, the Office submitted a waiver request to the U.S. Department of Education for fiscal years 2022 and 2023. However, the U.S. Department of Education did not approve the waiver for fiscal year 2023.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
In response to the effects of the COVID-19 pandemic, the Legislature approved a 2021-23 state budget that spent proportionally more on social supports like food, rent and medical services than in prior years. Further, some state revenues declined between fiscal years 2020 and 2022 due to restrictions included in the Governor’s pandemic-related emergency proclamations that were intended to slow the spread of COVID-19. These changes, as well as directives to achieve state spending reductions, resulted in not meeting the ESF program’s level of effort requirement because the state budget allocated less funding to elementary and secondary education than the average of the previous three fiscal years.
Effect of Condition
By not establishing adequate internal controls, the Office cannot ensure the state is meeting the federal level of effort requirement for the ESF program. In addition, receiving a waiver from the U.S. Department of Education for this requirement is not guaranteed, and the waiver submitted for 2023 was not approved while the 2022 waiver was. By not complying with federal requirements, the Office risks having to repay federal funds or having future federal funds withheld.
Recommendation
We recommend the Office:
• Consult with the grantor to discuss the pending waiver request and the next steps it should take
• Consult with the appropriate state-level authority to ensure the state maintains the level of effort required to comply with federal law
Office’s Response
The Office of Financial Management (OFM) does not concur with the finding and maintains that there are adequate internal controls in place to ensure compliance with federal requirements.
The finding was based on preliminary information and data that the auditors obtained in November 2023, despite our request to wait until the end of December 2023 when updated data would be available for submission to the Office of Elementary and Secondary Education (OESE).
The updated data we subsequently submitted to OESE was prepared in accordance with OESE guidance on maintenance of effort (MOE) requirements to correctly include every budgeted funding source in the MOE calculations. The updated data demonstrated that the state was successful in meeting MOE requirements for K-12 in FY23, which was the basis for reporting the final FY23 overall State spending data in the spring of 2024 per federal requirements. Because OFM met the MOE requirement for FY23, there is no need for a waiver request.
SAO’s assertion that our Office did not monitor data throughout the period is inaccurate. The Office maintains monthly monitoring details on agency expenditures. The expenditure data has not changed since the close of the fiscal year, but rather was compiled differently for reporting to OESE using the correct methodology prescribed by the grantor.
OFM will also continue to work with the Legislature, which is the state-level authority for state appropriations to ensure the state maintains the maintenance of effort requirements.
Auditor’s Remarks
The Office could not provide us with data required to perform the maintenance of effort calculations when we initially requested it in early November 2023 and confirmed no data had been pulled to determine whether the requirement had been met. While the Office appears to monitor monthly agency expenditure details, this was not done to determine if the state had met the maintenance of effort requirement. We acknowledge that the final report on the maintenance of effort would not be available until spring 2024. However, we will not test this report and only reviewed activities performed during the audit period to determine whether the state met the maintenance of effort requirements.
Once we were provided the necessary data to perform the calculations, it showed that the state did not meet the maintenance of effort requirements as of June 30, 2023. After we completed our testing, the Office notified us that the methodology used to determine what expenditures were allowable to include in the maintenance of effort calculations was updated. We understand the Office updated the methodology that was used when reporting data to the Office of Elementary and Secondary Education (OESE), however this methodology was changed over 6 months after the audit period was over.
We reaffirm our finding and will follow-up on the Office’s corrective actions in the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Coronavirus Response and Relief Supplemental Appropriations Act, 2021 (CRRSA Act) Sec. 317, states in part:
(a) At the time of award funds to carry out sections 312 or 313 of this title, a State shall provide assurances that such State will maintain support for elementary and secondary education (which shall include State funding to institutions of higher educations and state need-based financial aid, and shall not include support for capital projects or for research and development or tuition fees paid by students) in fiscal year 2022 at least at the proportional levels of such State’s support for elementary and secondary educations and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
(b) The Secretary may waive the requirement in subsection (a) for the purpose of relieving the fiscal burdens on State that have been experienced a precipitous decline in financial resources.
The American Rescue Plan Act of 2021, Section 2004. Maintenance of Effort and Maintenance of Equity, states in part:
I. State Maintenance of Effort. –
e. In general.–As a condition of receiving funds under sections 2001, a State shall maintain support for elementary and secondary education, and for higher education (which shall include state funding to institutions of higher education and State need-based financial aid, and shall not include support for capital projects or for research and development or tuition and fees paid by students), in each of fiscal years 2022 and 2023 at least at the proportional levels of such state’s support for elementary and secondary education and for higher education relative to such State’s overall spending, averaged over fiscal years 2017, 2018, and 2019.
Waiver.—For the purpose of relieving fiscal burdens incurred by States in preventing, preparing for, and responding to the coronavirus, the Secretary of Education may waive any maintenance of effort requirements associated with the Education Stabilization Fund.
2023-038 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal reporting requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425D COVID-19 Elementary and Secondary School Emergency Relief Fund (ESSER)
84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425U COVID-19 American Rescue Plan – Elementary and Secondary School Emergency Relief (ARP ESSER)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
84.425W COVID-19 American Rescue Plan – Elementary and Secondary Schools Emergency Relief Fund Homeless Children and Youth (ARP HCY)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D200015; S425D210015; S425R210012; S425V210012; S425U210015; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Education distributed funding to multiple federal subprograms of the Education Stabilization Fund (ESF). Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect that COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the ESF program, each with the intent to support public and non-public schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, for pass through to Local Education Agencies (LEAs). In fiscal year 2023, the state spent more than $1 billion in ESF federal funding.
The ESF program requires the Office to submit an annual performance report for the ESSER fund, with data on expenditures, planned expenditures, subrecipients, and uses of funds, including for mandatory reservations. Compliance testing of the annual performance report is only required for the following four key line items identified in the 2023 Compliance Supplement (Part 4 – Agency Program Requirements):
- Line 3.b1: LEA expenditures by ESSER subgrant fund, expenditure category and object code
- Line 3.b10: Number of specific positions supported with ESSER Funds
- Line 3.c: Allocation of ESSER funds to schools and criteria used to allocate them
- Line 5.a: Full-time equivalent positions
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal reporting requirements for the ESF program.
We reviewed the Office’s annual ESSER report, and found it did not submit any data related to the four key line items.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office did not have systems in place to collect the necessary data from LEAs to report on the four key line items. As a result, the Office did not collect the data from LEAs necessary to fulfill this requirement.
Effect of Condition
Failing to submit the required information diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Office:
• Establish effective internal controls to ensure that it collects the data necessary to submit the annual ESSER report
• Consult with the federal grantor to determine if it is necessary to revise and resubmit the report
Office’s Response
OSPI acknowledges that certain data reporting elements in the ESSER report were not submitted. We reject the notion that this was due to lack of internal controls. Instead, the absence of data was a result of several factors, including but not limited to the timing of the publishing of the final federal reporting template, and the span of time for which we were reporting costs. The final reporting template for this information was published after several revisions after the time frame in which we would have needed to communicate with districts the specific level of detail at which costs would need to be captured for this purpose. Since the time frame for reporting costs did not align with the school district fiscal year, there was no reasonable way that OSPI could have used annual financial reporting for an approximation of expenditures. OSPI was not comfortable in making broad statewide assumptions across multiple cost categories to report at a district-by-district level with a high degree of accuracy. In lieu or reporting information that based on state level assumptions that likely would have conflicted with actual school district level expenditures, OSPI made the decision to leave certain sections of the cost report blank.
In order to not have blank fields on future federal ESSER reporting, OSPI is organizing a series of webinars and trainings for districts so that they are prepared to report this information directly to OSPI for future federal reporting periods. Through these webinars, OSPI’s fiscal team can answer questions and assist districts with this reporting to ensure it is timely, accurate, and tells the district story instead of a statewide assumption of the district story.
We have been in ongoing conversation with ED regarding our federal reporting on ESSER funds. At this time, there is no indication that they will request that the information be reporting by districts and then resubmitted to the Feds. We have communicated our challenges, concerns, and proposed resolution to them regarding this issue. We do not have any specific outstanding data requests due to the feds on this issue, and we do not plan on resubmitting.
Auditor’s Remarks
We appreciate the Office’s commitment to resolving these issues. We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-042 The University of Washington did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242
NU2GGH002298; NU2GGH002360
NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-029
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, more than $41 million of which it awarded to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the University is required to collect and report information on each subaward of federal funds more than $30,000. The University must report subawards by the end of the month following the month in which it made the subaward or subaward amendment. The intent of the Act is to empower citizens with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The University generates subawards and subaward modifications using information from its Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system. The Office of Sponsored Programs (OSP) is responsible for monitoring whether FFATA applies to a subaward and ensuring the FFATA reporter is notified.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish and follow internal controls to ensure compliance with reporting requirements. The prior finding number was 2022-029.
Description of Condition
The University did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the act.
During the audit period, the University was required to report 45 subawards/modifications totaling more than $41 million of program funds that it awarded to 14 subrecipients.
We used a non-statistical sampling method and randomly selected ten out of 45 subawards required to be reported during the audit period. We found the University failed to report two subawards (20 percent) totaling $245,942 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University uses SPAERC to identify and monitor active subawards and subaward modifications for the Global AIDS program. However, OSP does not currently use SPAERC data to generate external reports to identify subawards and subaward modifications that require reporting in FSRS. During the audit period, the subaward administrator responsible for identifying and actively monitoring subawards and modifications for reporting purposes did not notify the FFATA reporter that such reporting applied to these subaward modifications.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the University for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the University:
• Establish effective internal controls to ensure reports are submitted, as required
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and accurately
University’s Response
The University acknowledges that two subawards were not reported in accordance with Federal Funding Accountability and Transparency Act (FFATA) requirements.
The University:
• Submitted the required reports as of November 21, 2023.
• Reviewed reporting for all subawards for the program active during fiscal year 2023 and ensured that all reports were submitted.
The University will continue to use the controls in place related to FFATA reporting, but will enhance through better use of the data in the Sponsored Projects Administration and Electronic Research Compliance (SPAERC) system and customized/configured reports using SPAERC data to identify reporting needs. The University will:
• Strengthen management monitoring process to ensure compliance with FFATA reporting requirements.
• Test the reports to assist in the identification and review of FFATA-reportable actions.
Given the timing of the audit filing, which was not until June, and the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including enhanced FFATA reporting tracking, was slow in FY23. Specifically, creation and implementation of the customized/configured reports using SPAERC data was delayed due to the enterprise-wide financial system replacement in July 2023, only one month after the official filing of the FY22 audit report. This impacted the Decision Support Services team responsible for generating such reconfigured reports, and that interrupted OSP’s ability to test out these reports. We expect these to be delivered and tested in FY25, but, in meantime, will use a more generic report generated by OSP staff to identify each subaward of federal funds more than $30,000, for timely reporting.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.067 Global AIDS
93.067 COVID-19 Global AIDS
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-030
Background
The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief.
Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics.
The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States.
In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients.
Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030.
Description of Condition
The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
We found the University did not have adequate internal controls in place to verify whether:
• Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who required a single or program-specific audit
We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed.
Effect of Condition
Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the University:
• Follow policies and procedures to ensure subrecipients receive required single or program-specific audits
• Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations
• Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
University’s Response
In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23.
The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations.
Auditor’s Remarks
We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part:
Background
Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary.
University Policy
UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward.
UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following:
• Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification)
Subrecipient Monitoring – Entity Level
Entity level monitoring consists of a combination of the following:
• Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official
• Annual audit assurance through an annual audit certification form
• Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-044 The Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 6NH231IP922619-04-01; 5 NH23IP922619-04-00;6 NH23IP922619-02-04;
6 NH23IP922619-02-06; 6 NH23IP922619-02-03; 6 NH23IP922619-02-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $416,027
Prior Year Audit Finding: Yes, Finding 2022-031
Background
The Department of Health administers the Immunization Cooperative Agreements program, which aims to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. Emphasis is placed on populations at highest risk for underimmunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2023, the Department spent more than $24.6 million in federal program funds, about $8.5 million of which it disbursed to subrecipients. The Department also received more than $97.6 million in non-cash assistance from the federal grantor in the form of vaccines.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. The periods for this program are July 1 through June 30 of the associated fiscal year. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials and supplies
• Meals
• Outreach materials
• Travel
• Training
• Contracts
• Sub-subrecipients
• Administrative/indirect costs
During the audit period, subrecipients submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The accounting unit emailed the requests to Department program staff requesting review to ensure the payment was allowable and within the period of performance. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable, met cost principles and were within the period of performance for the program. The prior finding number was 2022-031.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payment. As a result, the Department paid the subrecipients without knowing whether these expenditures had been reviewed and approved by program staff.
We used a statistical sampling method to randomly select and examine 56 out of 681 provider payments. Additionally, we judgmentally reviewed two individually significant payments that exceeded $476,000 each. In total, we examined more than $2.4 million in provider payments as part of the audit. Of the 58 payments examined, we identified seven payments (12.5 percent) and one individually significant payment that did not have the required supporting documentation for the subrecipients’ assigned risk level.
In addition, we judgmentally selected and examined six high-risk transactions out of a population of 1,293 expenditures charged to the federal fiscal year 2023 award that opened during the audit period. We found four expenditures that were improperly charged to the grant because the activity occurred before the period of performance.
We also judgmentally selected and examined two out of a population of 167 expenditures charged to the federal fiscal year 2022 award that closed during the audit period. We found one expenditure was improperly charged to the grant because the activity occurred after the period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying providers without ensuring program staff reviewed and determined the payment was allowable, within the period of performance, and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures.
Additionally, the Department did not ensure that expenditures that were cost allocated and directly charged during the opening and closing of awards were within the award’s period of performance.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes and within the period of performance. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The eight payments for which the Department did not have required supporting documentation from subrecipients totaled $404,592 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $588,502.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
For the federal fiscal year award 2023 that opened during the audit period, we identified questioned costs totaling $3,852.
For the federal fiscal year 2022 award that closed during our audit period, we identified questioned costs totaling $7,583.
In total, we identified $416,027 in known federal questioned costs and $599,937 in likely questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them
• Improve internal controls to ensure program staff review, approve, and communicate approval of expenditures to those issuing payment to verify they are for allowable activities and within the period of performance prior to payment
• Improve its internal controls to ensure expenditures charged at the beginning and end of an award are within the period of performance
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
We appreciate the State Auditor’s Office audit of the Immunizations grant. DOH is committed to ensuring our programs comply with federal regulations. The Department does not concur with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff now document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program Immunization staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction, document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
We do not concur with several of the exceptions and questioned costs identified. The Department believes there was a lack of understanding of DOH process related to allocation of space costs and how overtime is earned and accounted for according the Collective Bargaining Agreement. Additionally, while in some instances the level of support did not meet our internal policies, which are held to a higher standard than federal requirements, the level of documentation received from the subrecipient accounting system gave us assurance that the transactions/costs questioned met federal cost principles for allowability and period of performance. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments:
• The Immunization program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted.
• The Immunization program refer to the federal Immunization Program Operations Manual (IPOM) to determine allowable costs, purchase, and procurement procedures. •The Fiscal Monitoring Unit provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding.
• The Immunizations program provides technical assistance, policies, and training to Immunization subrecipients related to both allowability and compliance.
• The Immunizations program has continued to strengthen processes to ensure that the backup documentation received is in alignment with the agency’s documentation matrix for sub-recipients per their risk level.
Auditor’s Remarks
While management has implemented a new procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
The Department did not concur with some of the identified exceptions and stated it believed it was due to our Office’s lack of understanding of their processes. This assertion is not accurate. We understand their processes, but four of the exceptions were payments for services that occurred prior to the grant being open (expenses were for the month of June 2022, but the award opened July 1, 2022. These four exceptions included the “allocation of space costs and how overtime is earned and accounted for” referred to in the Department’s response. These exceptions were discussed in detail with the Department and during these discussions the Department mistakenly asserted that the time of payment was what determined compliance, not when the activity occurred. This is not correct and may be part of why the Department did not concur with the exceptions.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/22
This is the backup documentation required based on the determined risk level. More supporting documentation may be requested by programs at any time regardless of risk category. Please review your statement of work to determine if there are additional documentation requirements.
NOTE:
Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
If the subrecipient is using 10% de minimis they must complete DOH de minimis certification
2023-045 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6NH23IP922619-04-01; 5NH23IP922619-04-00; 6NH23IP922619-02-04; 6NH23IP922619-02-06; 6NH23IP922619-02-03; 6NH23IP922619-02-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-032
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. Emphasis is placed on populations at highest risk for under immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2023, the Department spent more than
$24.6 million in federal program funds, about $8.5 million of which it disbursed to subrecipients. The Department also received more than $97.6 million in non-cash assistance from the federal grantor in the form of vaccines.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower people with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward or amendment is executed, Department staff update a spreadsheet throughout the month with the subaward information required for reporting. Staff then send the spreadsheet to management for approval before submitting the report. The Department was required to report 36 subawards and amendments in fiscal year 2023, totaling $20,915,787.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate controls over and did not comply with requirements to ensure it filed reports required by the Act for the Immunization program. The prior finding number was 2022-32.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act for the Immunization program.
During the first three months of the audit period, management did not review the reports prior to submission. During this period, the Department executed 30 out of the 36 subawards and amendments (83 percent) totaling $17,474,404, which represented 84 percent of the total amount obligated in the fiscal year.
We used a non-statistical sampling method to randomly select and examine nine out of the total population of 36 subawards and amendments. We found:
• Five of the nine subawards and amendments (56 percent) were not reported timely.
• One of the nine subawards (11 percent) contained an incorrect Unique Entity ID (UEI), subawardee name and address.
We consider this internal control deficiency to be a material weakness that led to material noncompliance.
Cause of Condition
For the first three months of the audit period, when most of the subawards were executed, the Department did not have procedures in place to ensure management did an adequate review of the reports—and documented that it occurred—before submitting them in FSRS. Furthermore, Department officials acknowledged that for the first part of the year, staff did not use the signature date as the obligation date, which resulted in reports being submitted late. Department officials also said the amendments were submitted late because they did not have the UEIs for the subawardees, which are required to complete the submission.
Effect of Condition
Without performing an adequate review, management cannot ensure the Department submits accurate, complete and timely reports. Furthermore, failing to submit complete, accurate and timely reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Lastly, the terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendation
We recommend the Department ensure management reviews required reports to ensure they are accurate and complete before submission.
Department’s Response
We appreciate the State Auditor’s Office audit of the immunization grant. DOH is committed to ensuring our programs comply with federal regulations. As a result of the prior year’s recommendation the Department put procedures in place to address the identified exceptions. Unfortunately, the procedures were not in place for a portion of the fiscal year due to the timing of the audit and when issues were identified. Moving forward with current controls in place, this should eliminate these errors from occurring in the future.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
1. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-044 The Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 6NH231IP922619-04-01; 5 NH23IP922619-04-00;6 NH23IP922619-02-04;
6 NH23IP922619-02-06; 6 NH23IP922619-02-03; 6 NH23IP922619-02-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $416,027
Prior Year Audit Finding: Yes, Finding 2022-031
Background
The Department of Health administers the Immunization Cooperative Agreements program, which aims to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. Emphasis is placed on populations at highest risk for underimmunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2023, the Department spent more than $24.6 million in federal program funds, about $8.5 million of which it disbursed to subrecipients. The Department also received more than $97.6 million in non-cash assistance from the federal grantor in the form of vaccines.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. The periods for this program are July 1 through June 30 of the associated fiscal year. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials and supplies
• Meals
• Outreach materials
• Travel
• Training
• Contracts
• Sub-subrecipients
• Administrative/indirect costs
During the audit period, subrecipients submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The accounting unit emailed the requests to Department program staff requesting review to ensure the payment was allowable and within the period of performance. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable, met cost principles and were within the period of performance for the program. The prior finding number was 2022-031.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payment. As a result, the Department paid the subrecipients without knowing whether these expenditures had been reviewed and approved by program staff.
We used a statistical sampling method to randomly select and examine 56 out of 681 provider payments. Additionally, we judgmentally reviewed two individually significant payments that exceeded $476,000 each. In total, we examined more than $2.4 million in provider payments as part of the audit. Of the 58 payments examined, we identified seven payments (12.5 percent) and one individually significant payment that did not have the required supporting documentation for the subrecipients’ assigned risk level.
In addition, we judgmentally selected and examined six high-risk transactions out of a population of 1,293 expenditures charged to the federal fiscal year 2023 award that opened during the audit period. We found four expenditures that were improperly charged to the grant because the activity occurred before the period of performance.
We also judgmentally selected and examined two out of a population of 167 expenditures charged to the federal fiscal year 2022 award that closed during the audit period. We found one expenditure was improperly charged to the grant because the activity occurred after the period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying providers without ensuring program staff reviewed and determined the payment was allowable, within the period of performance, and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures.
Additionally, the Department did not ensure that expenditures that were cost allocated and directly charged during the opening and closing of awards were within the award’s period of performance.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes and within the period of performance. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The eight payments for which the Department did not have required supporting documentation from subrecipients totaled $404,592 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $588,502.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
For the federal fiscal year award 2023 that opened during the audit period, we identified questioned costs totaling $3,852.
For the federal fiscal year 2022 award that closed during our audit period, we identified questioned costs totaling $7,583.
In total, we identified $416,027 in known federal questioned costs and $599,937 in likely questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them
• Improve internal controls to ensure program staff review, approve, and communicate approval of expenditures to those issuing payment to verify they are for allowable activities and within the period of performance prior to payment
• Improve its internal controls to ensure expenditures charged at the beginning and end of an award are within the period of performance
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
We appreciate the State Auditor’s Office audit of the Immunizations grant. DOH is committed to ensuring our programs comply with federal regulations. The Department does not concur with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff now document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program Immunization staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction, document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
We do not concur with several of the exceptions and questioned costs identified. The Department believes there was a lack of understanding of DOH process related to allocation of space costs and how overtime is earned and accounted for according the Collective Bargaining Agreement. Additionally, while in some instances the level of support did not meet our internal policies, which are held to a higher standard than federal requirements, the level of documentation received from the subrecipient accounting system gave us assurance that the transactions/costs questioned met federal cost principles for allowability and period of performance. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments:
• The Immunization program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted.
• The Immunization program refer to the federal Immunization Program Operations Manual (IPOM) to determine allowable costs, purchase, and procurement procedures. •The Fiscal Monitoring Unit provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding.
• The Immunizations program provides technical assistance, policies, and training to Immunization subrecipients related to both allowability and compliance.
• The Immunizations program has continued to strengthen processes to ensure that the backup documentation received is in alignment with the agency’s documentation matrix for sub-recipients per their risk level.
Auditor’s Remarks
While management has implemented a new procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
The Department did not concur with some of the identified exceptions and stated it believed it was due to our Office’s lack of understanding of their processes. This assertion is not accurate. We understand their processes, but four of the exceptions were payments for services that occurred prior to the grant being open (expenses were for the month of June 2022, but the award opened July 1, 2022. These four exceptions included the “allocation of space costs and how overtime is earned and accounted for” referred to in the Department’s response. These exceptions were discussed in detail with the Department and during these discussions the Department mistakenly asserted that the time of payment was what determined compliance, not when the activity occurred. This is not correct and may be part of why the Department did not concur with the exceptions.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/22
This is the backup documentation required based on the determined risk level. More supporting documentation may be requested by programs at any time regardless of risk category. Please review your statement of work to determine if there are additional documentation requirements.
NOTE:
Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
If the subrecipient is using 10% de minimis they must complete DOH de minimis certification
2023-045 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6NH23IP922619-04-01; 5NH23IP922619-04-00; 6NH23IP922619-02-04; 6NH23IP922619-02-06; 6NH23IP922619-02-03; 6NH23IP922619-02-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-032
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. Emphasis is placed on populations at highest risk for under immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2023, the Department spent more than
$24.6 million in federal program funds, about $8.5 million of which it disbursed to subrecipients. The Department also received more than $97.6 million in non-cash assistance from the federal grantor in the form of vaccines.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower people with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward or amendment is executed, Department staff update a spreadsheet throughout the month with the subaward information required for reporting. Staff then send the spreadsheet to management for approval before submitting the report. The Department was required to report 36 subawards and amendments in fiscal year 2023, totaling $20,915,787.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate controls over and did not comply with requirements to ensure it filed reports required by the Act for the Immunization program. The prior finding number was 2022-32.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act for the Immunization program.
During the first three months of the audit period, management did not review the reports prior to submission. During this period, the Department executed 30 out of the 36 subawards and amendments (83 percent) totaling $17,474,404, which represented 84 percent of the total amount obligated in the fiscal year.
We used a non-statistical sampling method to randomly select and examine nine out of the total population of 36 subawards and amendments. We found:
• Five of the nine subawards and amendments (56 percent) were not reported timely.
• One of the nine subawards (11 percent) contained an incorrect Unique Entity ID (UEI), subawardee name and address.
We consider this internal control deficiency to be a material weakness that led to material noncompliance.
Cause of Condition
For the first three months of the audit period, when most of the subawards were executed, the Department did not have procedures in place to ensure management did an adequate review of the reports—and documented that it occurred—before submitting them in FSRS. Furthermore, Department officials acknowledged that for the first part of the year, staff did not use the signature date as the obligation date, which resulted in reports being submitted late. Department officials also said the amendments were submitted late because they did not have the UEIs for the subawardees, which are required to complete the submission.
Effect of Condition
Without performing an adequate review, management cannot ensure the Department submits accurate, complete and timely reports. Furthermore, failing to submit complete, accurate and timely reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Lastly, the terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendation
We recommend the Department ensure management reviews required reports to ensure they are accurate and complete before submission.
Department’s Response
We appreciate the State Auditor’s Office audit of the immunization grant. DOH is committed to ensuring our programs comply with federal regulations. As a result of the prior year’s recommendation the Department put procedures in place to address the identified exceptions. Unfortunately, the procedures were not in place for a portion of the fiscal year due to the timing of the audit and when issues were identified. Moving forward with current controls in place, this should eliminate these errors from occurring in the future.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
1. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-044 The Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 6NH231IP922619-04-01; 5 NH23IP922619-04-00;6 NH23IP922619-02-04;
6 NH23IP922619-02-06; 6 NH23IP922619-02-03; 6 NH23IP922619-02-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $416,027
Prior Year Audit Finding: Yes, Finding 2022-031
Background
The Department of Health administers the Immunization Cooperative Agreements program, which aims to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. Emphasis is placed on populations at highest risk for underimmunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2023, the Department spent more than $24.6 million in federal program funds, about $8.5 million of which it disbursed to subrecipients. The Department also received more than $97.6 million in non-cash assistance from the federal grantor in the form of vaccines.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. The periods for this program are July 1 through June 30 of the associated fiscal year. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials and supplies
• Meals
• Outreach materials
• Travel
• Training
• Contracts
• Sub-subrecipients
• Administrative/indirect costs
During the audit period, subrecipients submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The accounting unit emailed the requests to Department program staff requesting review to ensure the payment was allowable and within the period of performance. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable, met cost principles and were within the period of performance for the program. The prior finding number was 2022-031.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payment. As a result, the Department paid the subrecipients without knowing whether these expenditures had been reviewed and approved by program staff.
We used a statistical sampling method to randomly select and examine 56 out of 681 provider payments. Additionally, we judgmentally reviewed two individually significant payments that exceeded $476,000 each. In total, we examined more than $2.4 million in provider payments as part of the audit. Of the 58 payments examined, we identified seven payments (12.5 percent) and one individually significant payment that did not have the required supporting documentation for the subrecipients’ assigned risk level.
In addition, we judgmentally selected and examined six high-risk transactions out of a population of 1,293 expenditures charged to the federal fiscal year 2023 award that opened during the audit period. We found four expenditures that were improperly charged to the grant because the activity occurred before the period of performance.
We also judgmentally selected and examined two out of a population of 167 expenditures charged to the federal fiscal year 2022 award that closed during the audit period. We found one expenditure was improperly charged to the grant because the activity occurred after the period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying providers without ensuring program staff reviewed and determined the payment was allowable, within the period of performance, and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures.
Additionally, the Department did not ensure that expenditures that were cost allocated and directly charged during the opening and closing of awards were within the award’s period of performance.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes and within the period of performance. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The eight payments for which the Department did not have required supporting documentation from subrecipients totaled $404,592 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $588,502.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR § 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
For the federal fiscal year award 2023 that opened during the audit period, we identified questioned costs totaling $3,852.
For the federal fiscal year 2022 award that closed during our audit period, we identified questioned costs totaling $7,583.
In total, we identified $416,027 in known federal questioned costs and $599,937 in likely questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them
• Improve internal controls to ensure program staff review, approve, and communicate approval of expenditures to those issuing payment to verify they are for allowable activities and within the period of performance prior to payment
• Improve its internal controls to ensure expenditures charged at the beginning and end of an award are within the period of performance
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
We appreciate the State Auditor’s Office audit of the Immunizations grant. DOH is committed to ensuring our programs comply with federal regulations. The Department does not concur with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff now document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program Immunization staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction, document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
We do not concur with several of the exceptions and questioned costs identified. The Department believes there was a lack of understanding of DOH process related to allocation of space costs and how overtime is earned and accounted for according the Collective Bargaining Agreement. Additionally, while in some instances the level of support did not meet our internal policies, which are held to a higher standard than federal requirements, the level of documentation received from the subrecipient accounting system gave us assurance that the transactions/costs questioned met federal cost principles for allowability and period of performance. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments:
• The Immunization program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted.
• The Immunization program refer to the federal Immunization Program Operations Manual (IPOM) to determine allowable costs, purchase, and procurement procedures. •The Fiscal Monitoring Unit provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding.
• The Immunizations program provides technical assistance, policies, and training to Immunization subrecipients related to both allowability and compliance.
• The Immunizations program has continued to strengthen processes to ensure that the backup documentation received is in alignment with the agency’s documentation matrix for sub-recipients per their risk level.
Auditor’s Remarks
While management has implemented a new procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
The Department did not concur with some of the identified exceptions and stated it believed it was due to our Office’s lack of understanding of their processes. This assertion is not accurate. We understand their processes, but four of the exceptions were payments for services that occurred prior to the grant being open (expenses were for the month of June 2022, but the award opened July 1, 2022. These four exceptions included the “allocation of space costs and how overtime is earned and accounted for” referred to in the Department’s response. These exceptions were discussed in detail with the Department and during these discussions the Department mistakenly asserted that the time of payment was what determined compliance, not when the activity occurred. This is not correct and may be part of why the Department did not concur with the exceptions.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/22
This is the backup documentation required based on the determined risk level. More supporting documentation may be requested by programs at any time regardless of risk category. Please review your statement of work to determine if there are additional documentation requirements.
NOTE:
Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
If the subrecipient is using 10% de minimis they must complete DOH de minimis certification
2023-045 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6NH23IP922619-04-01; 5NH23IP922619-04-00; 6NH23IP922619-02-04; 6NH23IP922619-02-06; 6NH23IP922619-02-03; 6NH23IP922619-02-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-032
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. Emphasis is placed on populations at highest risk for under immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2023, the Department spent more than
$24.6 million in federal program funds, about $8.5 million of which it disbursed to subrecipients. The Department also received more than $97.6 million in non-cash assistance from the federal grantor in the form of vaccines.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower people with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward or amendment is executed, Department staff update a spreadsheet throughout the month with the subaward information required for reporting. Staff then send the spreadsheet to management for approval before submitting the report. The Department was required to report 36 subawards and amendments in fiscal year 2023, totaling $20,915,787.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate controls over and did not comply with requirements to ensure it filed reports required by the Act for the Immunization program. The prior finding number was 2022-32.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act for the Immunization program.
During the first three months of the audit period, management did not review the reports prior to submission. During this period, the Department executed 30 out of the 36 subawards and amendments (83 percent) totaling $17,474,404, which represented 84 percent of the total amount obligated in the fiscal year.
We used a non-statistical sampling method to randomly select and examine nine out of the total population of 36 subawards and amendments. We found:
• Five of the nine subawards and amendments (56 percent) were not reported timely.
• One of the nine subawards (11 percent) contained an incorrect Unique Entity ID (UEI), subawardee name and address.
We consider this internal control deficiency to be a material weakness that led to material noncompliance.
Cause of Condition
For the first three months of the audit period, when most of the subawards were executed, the Department did not have procedures in place to ensure management did an adequate review of the reports—and documented that it occurred—before submitting them in FSRS. Furthermore, Department officials acknowledged that for the first part of the year, staff did not use the signature date as the obligation date, which resulted in reports being submitted late. Department officials also said the amendments were submitted late because they did not have the UEIs for the subawardees, which are required to complete the submission.
Effect of Condition
Without performing an adequate review, management cannot ensure the Department submits accurate, complete and timely reports. Furthermore, failing to submit complete, accurate and timely reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Lastly, the terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendation
We recommend the Department ensure management reviews required reports to ensure they are accurate and complete before submission.
Department’s Response
We appreciate the State Auditor’s Office audit of the immunization grant. DOH is committed to ensuring our programs comply with federal regulations. As a result of the prior year’s recommendation the Department put procedures in place to address the identified exceptions. Unfortunately, the procedures were not in place for a portion of the fiscal year due to the timing of the audit and when issues were identified. Moving forward with current controls in place, this should eliminate these errors from occurring in the future.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
1. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-046 The Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-01-09; NU50CK000515-02-01; NU50CK000515-02-06; NU50CK000515-02-03; NU50CK000515-02-09; NU50CK000515-02-07; NU50CK000515-03-03; NU50CK000515-03-01; NU50CK000515-04-00; NU50CK000515-04-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs / Cost Principles
Period of Performance
Known Questioned Cost Amount: $1,735
Prior Year Audit Finding: Yes, Finding 2022-033
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports several specific infectious disease programs and projects, and provides special appropriations in response to infectious disease emergencies. The Department spent about $198.5 million in federal grant funds in fiscal year 2023, about $17 million of which was disbursed to subrecipients.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials, supplies, and other
• Travel (in-state and out-of-state)
• Contracts and sub-subrecipients
• Administrative/indirect costs
During the audit period, subrecipients submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The emails were sent to Department program staff requesting review to ensure the payment was allowable. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Beginning in February 2023, program staff documented their review and approval of the reimbursement request on a spreadsheet. The spreadsheet was only used at the program level, so it was not shared with the fiscal staff to communicate approval prior to issuing payment.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the ELC program only used funds for allowable activities and met cost principles. The prior finding number was 2022-033.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the ELC program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payment. As a result, the Department paid the subrecipients without knowing whether these expenditures had been reviewed and approved by the program staff.
We used a statistically valid sampling method to randomly select and examine 55 out of 441 subrecipient payments. Additionally, we judgmentally reviewed one individually significant payment that totaled $939,182. In total, we examined more than $8.8 million in subrecipient payments as part of the audit. Of the 55 randomly selected payments examined, we identified two payments (3.6 percent) that did not have the required supporting documentation for the subrecipients’ assigned risk level.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying subrecipients without ensuring program staff reviewed and determined the payment was allowable and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes and within the period of performance. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The two payments for which the Department did not have required supporting documentation from subrecipients totaled $1,735 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $46,169.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them
• Improve internal controls to ensure program staff review and approve expenditures to verify they are for allowable activities prior to payment
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department does not concur with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff now document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program ELC staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction (LHJ), document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
Auditor’s Remarks
While management has implemented a new procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/2022
This is the backup documentation required based on the determined risk level. Please ensure the detailed GL expenditure report clearly aligns with the A19 form. More supporting documentation may be requested by programs at any time due to programmatic requirements regardless of risk category.
NOTE:
Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
If the subrecipient is using 10% de minimis they must complete DOH de minimis certification
2023-047 The Department of Health did not have adequate internal controls over and did not comply with suspension and debarment requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-01-09; NU50CK000515-02-01; NU50CK000515-02-06; NU50CK000515-02-03; NU50CK000515-02-09; NU50CK000515-02-07; NU50CK000515-03-03; NU50CK000515-03-01; NU50CK000515-04-00; NU50CK000515-04-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent about $198.6 million in federal grant funds during fiscal year 2023.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. This verification may be accomplished by obtaining a written certification from the contractor or subrecipient, or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with suspension and debarment requirements for the ELC program.
During the state fiscal year, the ELC program had 15 newly executed contracts that required a suspension and debarment check. The Department did not perform a suspension and debarment check for nine contracts (60 percent) with educational service districts (ESDs). The remaining six contracts with various entities received a suspension and debarment check.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have proper management oversight to ensure the ESD contracts received the required suspension and debarment checks. Department officials said that to accelerate contracts during the COVID-19 pandemic, along with the misperception that ESDs are an extension of the Office of Superintendent of Public Instruction, these checks were not performed.
Effect of Condition
By not performing suspension and debarment checks, the Department cannot ensure all its contractors and subrecipients are allowed to receive federal funds. Without proper checks, the Department could be required to repay the grantor for any payments made to a contractor or subrecipient that is suspended or disbarred.
We verified the nine ESDs were not suspended or debarred, so we are not questioning costs.
Recommendation
We recommend the Department establish adequate internal controls to ensure it completes the required suspension and debarment checks before entering into contracts with contractors and subrecipients that will receive $25,000 or more in federal funds.
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations.
During the COVID pandemic DOH operated under a competitive procurement waiver in order to expedite funding to critical partners throughout the state. Efforts to accelerate contracts combined with the misperception that Educational Service Districts (ESDs) are an extension of the Office of Superintendent of Public Instruction (OSPI was named in the IAA as a collaborator for the Learn to Return Playbook), prompted the decision to use an Interagency Agreement and no suspension & debarment check was performed at the time. We have corrected this error moving forward with ESD contracts.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 213, Suspension and debarment, states:
Non-federal entities are subject to the non-procurement debarment and suspension regulations implementing Executive Orders 12549 and 12689, 2 CFR parts 180 and 376. These regulations restrict awards, subawards and contracts with certain parties that are debarred, suspended or otherwise excluded from or ineligible for participation in Federal assistance programs or activities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-048 The Department of Health did not have adequate internal controls over and did not comply with reporting requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-02-07
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-034
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent about $198.5 million in federal grant funds during fiscal year 2023.
During the audit period, the Department was required to submit various reports to the Centers for Disease Control and Prevention (CDC) for three ELC projects: Enhancing Detection, Enhancing Detection Expansion, and Reopening Schools.
Fiscal Reporting
For all three projects, the Department submits monthly fiscal reports in REDCap, a web-based system used by the CDC to collect data. This report summarizes the total monthly expenses, including salaries, fringe benefits, equipment, travel, supplies and contractual payments.
Testing Reporting
The Reopening Schools project uses this report to collect data on the use of PCR, antigen, and over-the-counter COVID-19 tests at schools. The Department works with a contractor that compiles testing data and reports the information back to the Department, which then submits the data using the CDC’s report template in REDCap.
Case Investigation and Contact Tracing (CICT) Reporting
For the Enhancing Detection and Enhancing Detection Expansion projects, the Department is required to submit monthly reports covering various attributes related to the number of COVID-19 cases reported and investigated. When a COVID-19 case is identified in the Washington Disease Reporting System, it is entered into the Case Risk and Exposure Surveillance Tool (CREST). Epidemiologists at the Department follow contact tracing protocols and enter the results of their investigations into CREST. The data is then reported in REDCap.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the ELC program. The prior finding number was 2022-034.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for the ELC program.
During the audit period, the Department’s ELC program staff said that all reports were reviewed and approved by appropriate staff before submission to the federal government. However, program staff for the fiscal reports and CICT reports did not document their review or approval until January 2023, so we were unable to determine if the proper reviews occurred for the entirety of the audit period. Furthermore, the Department did not have a documented review during the audit period for the Reopening Schools testing reports.
Testing Reporting
We used a non-statistical sampling method to select and examine four out of four quarterly Reopening Schools testing reports. We found the total amounts provided by the contractor matched the amounts the Department reported in REDCap for all four quarterly reports. However, the Department did not receive or review the contractor’s detailed data that supports the total amounts to ensure it was complete and accurate before submitting the reports in REDCap.
CICT Reporting
We used a non-statistical sampling method to randomly select and review five out of 12 monthly CICT reports. We identified one month (20 percent) where the data reported in CREST did not match what was reported in REDCap. Three of the six data fields we tested had variances between CREST and REDCap reports, which ranged from 2.7 percent underreported to 3.79 percent overreported.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Testing Reporting
The Department did not require management to document their reviews of reports and supporting documentation before submitting them to the grantor. Therefore, management did not ensure the total amounts provided by the contractor had adequate support to ensure the reports were accurate and complete.
CICT Reporting
Prior to January 2023, the Department did not require management to document their reviews of reports before or after submission. If management reviewed the CICT reports, the reviews were inadequate for detecting the errors our audit identified.
Effect of Condition
Testing Reporting
By not reviewing and reconciling the contractor’s summary data and supporting documentation, management was unable to demonstrate the amounts reported were complete and accurate.
CICT Reporting
By not ensuring management completes the proper reviews, the Department cannot reasonably ensure the reports are complete and accurate.
Recommendation
We recommend the Department establish and follow effective internal controls, including documented reviews, to ensure reports are accurate and complete before submitting them to the federal grantor.
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. As a result of the prior year’s recommendation the Department put procedures in place to address the identified exceptions. Unfortunately, the procedures were not in place for a portion of the fiscal year due to the timing of the audit and when issues were identified. Moving forward with current controls in place, this should eliminate these errors from occurring in the future. In addition, we will work to discuss recommendations with the grants management and contracts teams at the department level to identify best practices to improve internal controls regarding document review and report accuracy to attempt to standardized process and procedures.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-049 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Epidemiology and Laboratory Capacity for Infectious Diseases program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: NU50CK000515-05-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-01-09; NU50CK000515-02-01; NU50CK000515-02-06; NU50CK000515-02-03; NU50CK000515-02-09; NU50CK000515-02-07; NU50CK000515-03-03; NU50CK000515-03-01; NU50CK000515-04-00; NU50CK000515-04-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent about $198.5 million in federal grant funds during fiscal year 2023, about $17 million of which was disbursed to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Department uses an Excel workbook to track subrecipients’ single audits.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure its subrecipients of the ELC program received required single audits, and that it appropriately followed up on findings and issued management decisions.
To monitor compliance with these requirements, the Department used an Excel spreadsheet to track subrecipients’ single audits and the agency’s follow-up actions, if necessary. However, during the audit period, the Department did not adequately perform this process.
Five subrecipients received an ELC finding, but the spreadsheet did not document them or note the Department’s follow-up actions on the subrecipients’ corrective action plans. In addition, the Department did not issue a management decision letter for any of these five findings, so the tracking spreadsheet also did not document any management decisions.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said that due to high turnover throughout the fiscal year, staff were behind on monitoring the single audits. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, and that subrecipients with audit findings receive required management decisions timely.
Recommendations
We recommend the Department strengthen internal controls to ensure:
• All subrecipients receive a single audit, if required
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department agrees with the finding.
The Department will review internal controls over ensuring timely review of federal subrecipient single audits and issuance of management decision letters, including monitoring controls by management to ensure future compliance with the requirement.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, states, in part:
All pass-through entities must:
d. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
1. Reviewing financial and performance reports required by the pass-through entity.
2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
3. Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by section 75.521.
f. Verify that every subrecipient is audited as required by subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in section 75.501.
h. Consider taking enforcement action against noncompliant subrecipients as described in section 75.371and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-050 The Department of Health did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-01-09; NU50CK000515-02-01; NU50CK000515-02-06; NU50CK000515-02-03; NU50CK000515-02-09; NU50CK000515-02-07; NU50CK000515-03-03; NU50CK000515-03-01; NU50CK000515-04-00; NU50CK000515-04-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-033
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent about $198.5 million in federal grant funds during fiscal year 2023, about $17 million of which was disbursed to subrecipients. In response to the COVID pandemic, ELC subrecipients have received a significant increase in funding over the last few years.
Federal regulations require the Department to monitor the activities of subrecipients to ensure they use subawards for authorized purposes and in compliance with federal statutes, regulations, and the terms and conditions of the subaward. This monitoring must include reviewing financial reports and taking timely and appropriate action on all deficiencies pertaining to the federal award.
The Department assigns each subrecipient a compliance risk level based on standardized criteria. The Department’s Fiscal Monitoring Unit (FMU) conducts on-site fiscal reviews of each subrecipient every two years. This review includes all federal awards the subrecipient received from the Department for the period under review. Reviewers complete a standardized template to document their work. Using the subrecipient’s reimbursement requests, reviewers judgmentally determine how many samples of payroll expenditures and contractor payments to review to ensure there is adequate source documentation. Reviewers also look at general accounting information, budget information, equipment purchases and other items.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the ELC program only used funds for allowable activities and met cost principles. The prior finding number was 2022-033.
Description of Condition
The Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the ELC program.
The Department does not have written procedures to guide reviewers on the number of reimbursement samples to review based on the subrecipient’s risk level.
We used a nonstatistical sampling method to randomly select and examine five out of a total of 10 subrecipients that received a fiscal review during the audit period. For each subrecipients, we noted that the fiscal monitoring only covered between 0.19 percent and 3.37 percent of total grant awards. Additionally, the Department only sampled between one and nine transactions specific to the ELC program during the reviews. Furthermore, for each subrecipient, the Department only sampled from either payroll or contractor transactions, never both. These samples covered between 0.02 percent to 1.82 percent of the total ELC grant award for the subrecipients. The table below identifies the samples reviewed for each subrecipient.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management has not established guidance for how many transactions fiscal reviewers need to review from source documentation to have assurance subrecipients spent program funds spent accordance with grant requirements. Furthermore, management believed the level of review was adequate to ensure a sufficient level of monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department does not have reasonable assurance that the subrecipient has complied with the terms and conditions of the subaward.
Further, allowing staff to select samples without adequate guidance from management does not provide the Department with reasonable assurance that subrecipients spent program funds in accordance with grant requirements and federal regulations.
Recommendation
We recommend the Department strengthen internal controls to ensure it performs fiscal monitoring to a level that provides reasonable assurance that subrecipients’ use of federal funds complies with federal laws and regulations and the subaward’s terms and conditions.
Department’s Response
We do not concur with the finding.
We understand that the State Auditor’s Office (SAO) reviewed a specific grant as part of the scope of this audit. The Department of Health (DOH) finds it misleading that SAO did not report on the subrecipient review process in its entirety. The DOH Fiscal Monitoring Unit (FMU) is not an audit department, therefore the standards DOH FMU functions on are very different than what SAO is recommending in the finding. FMU is audited annually by different federal partners, and those partners have identified no concerns with the monitoring visit methodology used as it is in line with compliance requirement 2 CFR 200.332. Federal guidance does not state DOH must select a certain percentage of samples to ensure adequate review.
The DOH subrecipient monitoring process is a comprehensive process that starts with an initial risk assessment which is completed prior to contract execution. This assessment determines the level of support each subrecipient is required to submit as back up documentation for payment requests. Programs then have contract managers review this support prior to payment. In addition, monitoring visits are performed on subrecipients. As part of that process, the FMU reviews at least three months of invoices submitted by subrecipients and includes reviews of entity policies, procedures, internal controls both manual and automated, applicable contracts, history of compliance and applicable cost allocation methodology to ensure each entity is compliant with federal requirements and has adequate internal controls.
As part of the review, each FMU staff member will judgmentally select items to review from the selected invoices. FMU staff make this selection using their subject matter expertise about DOH, specific programs and federal guidance to identify transactions for review. This review includes looking at supporting documentation such as timesheets and receipts. FMU reviews the entity, not a specific grant when performing a site visit. The reviewer must document the grants the entity receives and then selects a few transactions from each award type, if applicable. Each entity has a consistent control structure across all funding types so there is no value in reviewing a significant number of transactions from each award type as the controls do not vary. As you can see from the table provided, of the invoices reviewed, DOH typically reviews a quarter of the amount invoiced for. If a grant award is not represented in the invoices selected, FMU will select an additional invoice to ensure all awards are included. This happened in the case of sample three. In the case of sample one, no vendor payments were reviewed because the entity only invoiced for payroll for the selected months. Executive leadership supports the approach used by FMU and is not considering program changes related to the recommendation at this time.
Auditor’s Remarks
While federal regulations do not require a specific percentage of program expenditures be reviewed when entities monitor subrecipients, in our judgment, the amount reviewed by the Department for the ELC program did not provide management with reasonable assurance that subawards were used for authorized purposes, were spent in compliance with federal requirements and the terms and conditions of the awards. The Department cannot rely on reviews performed for other federal awards as an effective means to ensure compliance for the ELC program.
The Department asserts that FMU staff selects invoices for all grant awards issued to the subrecipient. Then, FMU staff judgmentally pick samples from the three selected invoices, significantly limiting the number of expenditures reviewed, as evidence in our testing.
Furthermore, the Department does not have written procedures guiding FMU staff on the level of fiscal review for federal grant expenditures. It also acknowledges that the risk assessment level drives the level of backup documentation required for payment requests. The risk assessment does not influence the level of fiscal review.
The Department provided a table of the number of expenditures it asserts it reviewed at each subrecipient we tested but acknowledges that these expenditures are from all programs and not specific to ELC. The amount of review done for other federal programs or state funded programs is not relevant when determining whether the subrecipient complied with the terms of the ELC subaward.
We reaffirm our finding, and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-046 The Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-01-09; NU50CK000515-02-01; NU50CK000515-02-06; NU50CK000515-02-03; NU50CK000515-02-09; NU50CK000515-02-07; NU50CK000515-03-03; NU50CK000515-03-01; NU50CK000515-04-00; NU50CK000515-04-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs / Cost Principles
Period of Performance
Known Questioned Cost Amount: $1,735
Prior Year Audit Finding: Yes, Finding 2022-033
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports several specific infectious disease programs and projects, and provides special appropriations in response to infectious disease emergencies. The Department spent about $198.5 million in federal grant funds in fiscal year 2023, about $17 million of which was disbursed to subrecipients.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials, supplies, and other
• Travel (in-state and out-of-state)
• Contracts and sub-subrecipients
• Administrative/indirect costs
During the audit period, subrecipients submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The emails were sent to Department program staff requesting review to ensure the payment was allowable. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Beginning in February 2023, program staff documented their review and approval of the reimbursement request on a spreadsheet. The spreadsheet was only used at the program level, so it was not shared with the fiscal staff to communicate approval prior to issuing payment.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the ELC program only used funds for allowable activities and met cost principles. The prior finding number was 2022-033.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the ELC program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payment. As a result, the Department paid the subrecipients without knowing whether these expenditures had been reviewed and approved by the program staff.
We used a statistically valid sampling method to randomly select and examine 55 out of 441 subrecipient payments. Additionally, we judgmentally reviewed one individually significant payment that totaled $939,182. In total, we examined more than $8.8 million in subrecipient payments as part of the audit. Of the 55 randomly selected payments examined, we identified two payments (3.6 percent) that did not have the required supporting documentation for the subrecipients’ assigned risk level.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying subrecipients without ensuring program staff reviewed and determined the payment was allowable and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes and within the period of performance. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The two payments for which the Department did not have required supporting documentation from subrecipients totaled $1,735 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $46,169.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 2 CFR 200.516(3). To ensure a representative sample, we stratified the population by dollar amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them
• Improve internal controls to ensure program staff review and approve expenditures to verify they are for allowable activities prior to payment
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department does not concur with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff now document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program ELC staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction (LHJ), document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
Auditor’s Remarks
While management has implemented a new procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/2022
This is the backup documentation required based on the determined risk level. Please ensure the detailed GL expenditure report clearly aligns with the A19 form. More supporting documentation may be requested by programs at any time due to programmatic requirements regardless of risk category.
NOTE:
Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
If the subrecipient is using 10% de minimis they must complete DOH de minimis certification
2023-047 The Department of Health did not have adequate internal controls over and did not comply with suspension and debarment requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-01-09; NU50CK000515-02-01; NU50CK000515-02-06; NU50CK000515-02-03; NU50CK000515-02-09; NU50CK000515-02-07; NU50CK000515-03-03; NU50CK000515-03-01; NU50CK000515-04-00; NU50CK000515-04-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent about $198.6 million in federal grant funds during fiscal year 2023.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. This verification may be accomplished by obtaining a written certification from the contractor or subrecipient, or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with suspension and debarment requirements for the ELC program.
During the state fiscal year, the ELC program had 15 newly executed contracts that required a suspension and debarment check. The Department did not perform a suspension and debarment check for nine contracts (60 percent) with educational service districts (ESDs). The remaining six contracts with various entities received a suspension and debarment check.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have proper management oversight to ensure the ESD contracts received the required suspension and debarment checks. Department officials said that to accelerate contracts during the COVID-19 pandemic, along with the misperception that ESDs are an extension of the Office of Superintendent of Public Instruction, these checks were not performed.
Effect of Condition
By not performing suspension and debarment checks, the Department cannot ensure all its contractors and subrecipients are allowed to receive federal funds. Without proper checks, the Department could be required to repay the grantor for any payments made to a contractor or subrecipient that is suspended or disbarred.
We verified the nine ESDs were not suspended or debarred, so we are not questioning costs.
Recommendation
We recommend the Department establish adequate internal controls to ensure it completes the required suspension and debarment checks before entering into contracts with contractors and subrecipients that will receive $25,000 or more in federal funds.
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations.
During the COVID pandemic DOH operated under a competitive procurement waiver in order to expedite funding to critical partners throughout the state. Efforts to accelerate contracts combined with the misperception that Educational Service Districts (ESDs) are an extension of the Office of Superintendent of Public Instruction (OSPI was named in the IAA as a collaborator for the Learn to Return Playbook), prompted the decision to use an Interagency Agreement and no suspension & debarment check was performed at the time. We have corrected this error moving forward with ESD contracts.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 213, Suspension and debarment, states:
Non-federal entities are subject to the non-procurement debarment and suspension regulations implementing Executive Orders 12549 and 12689, 2 CFR parts 180 and 376. These regulations restrict awards, subawards and contracts with certain parties that are debarred, suspended or otherwise excluded from or ineligible for participation in Federal assistance programs or activities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-048 The Department of Health did not have adequate internal controls over and did not comply with reporting requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-02-07
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-034
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent about $198.5 million in federal grant funds during fiscal year 2023.
During the audit period, the Department was required to submit various reports to the Centers for Disease Control and Prevention (CDC) for three ELC projects: Enhancing Detection, Enhancing Detection Expansion, and Reopening Schools.
Fiscal Reporting
For all three projects, the Department submits monthly fiscal reports in REDCap, a web-based system used by the CDC to collect data. This report summarizes the total monthly expenses, including salaries, fringe benefits, equipment, travel, supplies and contractual payments.
Testing Reporting
The Reopening Schools project uses this report to collect data on the use of PCR, antigen, and over-the-counter COVID-19 tests at schools. The Department works with a contractor that compiles testing data and reports the information back to the Department, which then submits the data using the CDC’s report template in REDCap.
Case Investigation and Contact Tracing (CICT) Reporting
For the Enhancing Detection and Enhancing Detection Expansion projects, the Department is required to submit monthly reports covering various attributes related to the number of COVID-19 cases reported and investigated. When a COVID-19 case is identified in the Washington Disease Reporting System, it is entered into the Case Risk and Exposure Surveillance Tool (CREST). Epidemiologists at the Department follow contact tracing protocols and enter the results of their investigations into CREST. The data is then reported in REDCap.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the ELC program. The prior finding number was 2022-034.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for the ELC program.
During the audit period, the Department’s ELC program staff said that all reports were reviewed and approved by appropriate staff before submission to the federal government. However, program staff for the fiscal reports and CICT reports did not document their review or approval until January 2023, so we were unable to determine if the proper reviews occurred for the entirety of the audit period. Furthermore, the Department did not have a documented review during the audit period for the Reopening Schools testing reports.
Testing Reporting
We used a non-statistical sampling method to select and examine four out of four quarterly Reopening Schools testing reports. We found the total amounts provided by the contractor matched the amounts the Department reported in REDCap for all four quarterly reports. However, the Department did not receive or review the contractor’s detailed data that supports the total amounts to ensure it was complete and accurate before submitting the reports in REDCap.
CICT Reporting
We used a non-statistical sampling method to randomly select and review five out of 12 monthly CICT reports. We identified one month (20 percent) where the data reported in CREST did not match what was reported in REDCap. Three of the six data fields we tested had variances between CREST and REDCap reports, which ranged from 2.7 percent underreported to 3.79 percent overreported.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Testing Reporting
The Department did not require management to document their reviews of reports and supporting documentation before submitting them to the grantor. Therefore, management did not ensure the total amounts provided by the contractor had adequate support to ensure the reports were accurate and complete.
CICT Reporting
Prior to January 2023, the Department did not require management to document their reviews of reports before or after submission. If management reviewed the CICT reports, the reviews were inadequate for detecting the errors our audit identified.
Effect of Condition
Testing Reporting
By not reviewing and reconciling the contractor’s summary data and supporting documentation, management was unable to demonstrate the amounts reported were complete and accurate.
CICT Reporting
By not ensuring management completes the proper reviews, the Department cannot reasonably ensure the reports are complete and accurate.
Recommendation
We recommend the Department establish and follow effective internal controls, including documented reviews, to ensure reports are accurate and complete before submitting them to the federal grantor.
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. As a result of the prior year’s recommendation the Department put procedures in place to address the identified exceptions. Unfortunately, the procedures were not in place for a portion of the fiscal year due to the timing of the audit and when issues were identified. Moving forward with current controls in place, this should eliminate these errors from occurring in the future. In addition, we will work to discuss recommendations with the grants management and contracts teams at the department level to identify best practices to improve internal controls regarding document review and report accuracy to attempt to standardized process and procedures.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-049 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Epidemiology and Laboratory Capacity for Infectious Diseases program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: NU50CK000515-05-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-01-09; NU50CK000515-02-01; NU50CK000515-02-06; NU50CK000515-02-03; NU50CK000515-02-09; NU50CK000515-02-07; NU50CK000515-03-03; NU50CK000515-03-01; NU50CK000515-04-00; NU50CK000515-04-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent about $198.5 million in federal grant funds during fiscal year 2023, about $17 million of which was disbursed to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Department uses an Excel workbook to track subrecipients’ single audits.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure its subrecipients of the ELC program received required single audits, and that it appropriately followed up on findings and issued management decisions.
To monitor compliance with these requirements, the Department used an Excel spreadsheet to track subrecipients’ single audits and the agency’s follow-up actions, if necessary. However, during the audit period, the Department did not adequately perform this process.
Five subrecipients received an ELC finding, but the spreadsheet did not document them or note the Department’s follow-up actions on the subrecipients’ corrective action plans. In addition, the Department did not issue a management decision letter for any of these five findings, so the tracking spreadsheet also did not document any management decisions.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said that due to high turnover throughout the fiscal year, staff were behind on monitoring the single audits. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, and that subrecipients with audit findings receive required management decisions timely.
Recommendations
We recommend the Department strengthen internal controls to ensure:
• All subrecipients receive a single audit, if required
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department agrees with the finding.
The Department will review internal controls over ensuring timely review of federal subrecipient single audits and issuance of management decision letters, including monitoring controls by management to ensure future compliance with the requirement.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, states, in part:
All pass-through entities must:
d. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
1. Reviewing financial and performance reports required by the pass-through entity.
2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
3. Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by section 75.521.
f. Verify that every subrecipient is audited as required by subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in section 75.501.
h. Consider taking enforcement action against noncompliant subrecipients as described in section 75.371and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-050 The Department of Health did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-01-09; NU50CK000515-02-01; NU50CK000515-02-06; NU50CK000515-02-03; NU50CK000515-02-09; NU50CK000515-02-07; NU50CK000515-03-03; NU50CK000515-03-01; NU50CK000515-04-00; NU50CK000515-04-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-033
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent about $198.5 million in federal grant funds during fiscal year 2023, about $17 million of which was disbursed to subrecipients. In response to the COVID pandemic, ELC subrecipients have received a significant increase in funding over the last few years.
Federal regulations require the Department to monitor the activities of subrecipients to ensure they use subawards for authorized purposes and in compliance with federal statutes, regulations, and the terms and conditions of the subaward. This monitoring must include reviewing financial reports and taking timely and appropriate action on all deficiencies pertaining to the federal award.
The Department assigns each subrecipient a compliance risk level based on standardized criteria. The Department’s Fiscal Monitoring Unit (FMU) conducts on-site fiscal reviews of each subrecipient every two years. This review includes all federal awards the subrecipient received from the Department for the period under review. Reviewers complete a standardized template to document their work. Using the subrecipient’s reimbursement requests, reviewers judgmentally determine how many samples of payroll expenditures and contractor payments to review to ensure there is adequate source documentation. Reviewers also look at general accounting information, budget information, equipment purchases and other items.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the ELC program only used funds for allowable activities and met cost principles. The prior finding number was 2022-033.
Description of Condition
The Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the ELC program.
The Department does not have written procedures to guide reviewers on the number of reimbursement samples to review based on the subrecipient’s risk level.
We used a nonstatistical sampling method to randomly select and examine five out of a total of 10 subrecipients that received a fiscal review during the audit period. For each subrecipients, we noted that the fiscal monitoring only covered between 0.19 percent and 3.37 percent of total grant awards. Additionally, the Department only sampled between one and nine transactions specific to the ELC program during the reviews. Furthermore, for each subrecipient, the Department only sampled from either payroll or contractor transactions, never both. These samples covered between 0.02 percent to 1.82 percent of the total ELC grant award for the subrecipients. The table below identifies the samples reviewed for each subrecipient.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management has not established guidance for how many transactions fiscal reviewers need to review from source documentation to have assurance subrecipients spent program funds spent accordance with grant requirements. Furthermore, management believed the level of review was adequate to ensure a sufficient level of monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department does not have reasonable assurance that the subrecipient has complied with the terms and conditions of the subaward.
Further, allowing staff to select samples without adequate guidance from management does not provide the Department with reasonable assurance that subrecipients spent program funds in accordance with grant requirements and federal regulations.
Recommendation
We recommend the Department strengthen internal controls to ensure it performs fiscal monitoring to a level that provides reasonable assurance that subrecipients’ use of federal funds complies with federal laws and regulations and the subaward’s terms and conditions.
Department’s Response
We do not concur with the finding.
We understand that the State Auditor’s Office (SAO) reviewed a specific grant as part of the scope of this audit. The Department of Health (DOH) finds it misleading that SAO did not report on the subrecipient review process in its entirety. The DOH Fiscal Monitoring Unit (FMU) is not an audit department, therefore the standards DOH FMU functions on are very different than what SAO is recommending in the finding. FMU is audited annually by different federal partners, and those partners have identified no concerns with the monitoring visit methodology used as it is in line with compliance requirement 2 CFR 200.332. Federal guidance does not state DOH must select a certain percentage of samples to ensure adequate review.
The DOH subrecipient monitoring process is a comprehensive process that starts with an initial risk assessment which is completed prior to contract execution. This assessment determines the level of support each subrecipient is required to submit as back up documentation for payment requests. Programs then have contract managers review this support prior to payment. In addition, monitoring visits are performed on subrecipients. As part of that process, the FMU reviews at least three months of invoices submitted by subrecipients and includes reviews of entity policies, procedures, internal controls both manual and automated, applicable contracts, history of compliance and applicable cost allocation methodology to ensure each entity is compliant with federal requirements and has adequate internal controls.
As part of the review, each FMU staff member will judgmentally select items to review from the selected invoices. FMU staff make this selection using their subject matter expertise about DOH, specific programs and federal guidance to identify transactions for review. This review includes looking at supporting documentation such as timesheets and receipts. FMU reviews the entity, not a specific grant when performing a site visit. The reviewer must document the grants the entity receives and then selects a few transactions from each award type, if applicable. Each entity has a consistent control structure across all funding types so there is no value in reviewing a significant number of transactions from each award type as the controls do not vary. As you can see from the table provided, of the invoices reviewed, DOH typically reviews a quarter of the amount invoiced for. If a grant award is not represented in the invoices selected, FMU will select an additional invoice to ensure all awards are included. This happened in the case of sample three. In the case of sample one, no vendor payments were reviewed because the entity only invoiced for payroll for the selected months. Executive leadership supports the approach used by FMU and is not considering program changes related to the recommendation at this time.
Auditor’s Remarks
While federal regulations do not require a specific percentage of program expenditures be reviewed when entities monitor subrecipients, in our judgment, the amount reviewed by the Department for the ELC program did not provide management with reasonable assurance that subawards were used for authorized purposes, were spent in compliance with federal requirements and the terms and conditions of the awards. The Department cannot rely on reviews performed for other federal awards as an effective means to ensure compliance for the ELC program.
The Department asserts that FMU staff selects invoices for all grant awards issued to the subrecipient. Then, FMU staff judgmentally pick samples from the three selected invoices, significantly limiting the number of expenditures reviewed, as evidence in our testing.
Furthermore, the Department does not have written procedures guiding FMU staff on the level of fiscal review for federal grant expenditures. It also acknowledges that the risk assessment level drives the level of backup documentation required for payment requests. The risk assessment does not influence the level of fiscal review.
The Department provided a table of the number of expenditures it asserts it reviewed at each subrecipient we tested but acknowledges that these expenditures are from all programs and not specific to ELC. The amount of review done for other federal programs or state funded programs is not relevant when determining whether the subrecipient complied with the terms of the ELC subaward.
We reaffirm our finding, and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-051 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with Temporary Assistance for Needy Families funds were allowable and property supported.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: $107,338,725
Prior Year Audit Finding: Yes, Finding 2022-035
Background
The Department of Social and Health Service (DSHS), Community Services Office, administers the Temporary Assistance for Needy Families (TANF) grant that provides temporary cash assistance for families in need. To receive TANF benefits, participants must be engaged in activities listed in the Individual Responsibility Plan through the WorkFirst program, unless the TANF benefits are received only on behalf of a child. TANF grant funds are also used to pay clients’ child care costs to meet one of the program’s primary purposes of helping clients obtain employment.
Washington has established the Working Connections Child Care (WCCC) program to help eligible working families pay for child care. Both the Department of Children, Youth, and Families (Department) and DSHS administer the program. The Department is responsible for establishing policies and procedures for licensing child care providers and paying them for allowable child care services. DSHS determines TANF client eligibility and reimburses the Department for child care payments under an agreement between the two agencies. In fiscal year 2023, DSHS paid $107,338,725 related to child care services.
The Department uses its Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple Child Care Development Fund (CCDF) federal grant awards, and state funding. The Department uploads the payment data into the state’s accounting system at a summary level based on the various funding sources.
DSHS worked with the Department to setup coding in the Payment Allocating Model system that looks at the client-level information and then assigns the correct TANF source of funds. Once the source of funds is identified, that information is then sent to SSPS for allocation assignment. The Department prepares electronic reports for funds allocated to TANF funding sources and sends DSHS a monthly bill. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
Some payments the Department makes for child care are funded by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the WCCC program. Federal regulations require grant fund expenditures to be adequately supported to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls that ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with TANF funds were allowable and properly supported. The prior finding numbers were 2022-035 and 2021-028.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with TANF funds were allowable and properly supported.
To identify TANF-funded payments the Department made to child care providers, we requested a population of payments charged to TANF sources from SSPS. However, in fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent TANF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions from SSPS that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. Officials from the U.S. Department of Health and Human Services informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition and Questioned Costs
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
Because the Department did not comply with federal requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $107,338,725 in federal program costs for child care payments that DSHS paid during the audit period.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Update service level agreements with DSHS to ensure payments are sufficient and properly supported
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the Working Connections Child Care (WCCC) program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the TANF grant. The Department allocated the TANF grant to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds for the CCDF or TANF grants. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF and TANF source of funds with the same eligibility requirements, the Department is confident TANF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-051 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with Temporary Assistance for Needy Families funds were allowable and property supported.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: $107,338,725
Prior Year Audit Finding: Yes, Finding 2022-035
Background
The Department of Social and Health Service (DSHS), Community Services Office, administers the Temporary Assistance for Needy Families (TANF) grant that provides temporary cash assistance for families in need. To receive TANF benefits, participants must be engaged in activities listed in the Individual Responsibility Plan through the WorkFirst program, unless the TANF benefits are received only on behalf of a child. TANF grant funds are also used to pay clients’ child care costs to meet one of the program’s primary purposes of helping clients obtain employment.
Washington has established the Working Connections Child Care (WCCC) program to help eligible working families pay for child care. Both the Department of Children, Youth, and Families (Department) and DSHS administer the program. The Department is responsible for establishing policies and procedures for licensing child care providers and paying them for allowable child care services. DSHS determines TANF client eligibility and reimburses the Department for child care payments under an agreement between the two agencies. In fiscal year 2023, DSHS paid $107,338,725 related to child care services.
The Department uses its Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple Child Care Development Fund (CCDF) federal grant awards, and state funding. The Department uploads the payment data into the state’s accounting system at a summary level based on the various funding sources.
DSHS worked with the Department to setup coding in the Payment Allocating Model system that looks at the client-level information and then assigns the correct TANF source of funds. Once the source of funds is identified, that information is then sent to SSPS for allocation assignment. The Department prepares electronic reports for funds allocated to TANF funding sources and sends DSHS a monthly bill. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
Some payments the Department makes for child care are funded by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the WCCC program. Federal regulations require grant fund expenditures to be adequately supported to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls that ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with TANF funds were allowable and properly supported. The prior finding numbers were 2022-035 and 2021-028.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with TANF funds were allowable and properly supported.
To identify TANF-funded payments the Department made to child care providers, we requested a population of payments charged to TANF sources from SSPS. However, in fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent TANF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions from SSPS that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. Officials from the U.S. Department of Health and Human Services informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition and Questioned Costs
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
Because the Department did not comply with federal requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $107,338,725 in federal program costs for child care payments that DSHS paid during the audit period.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Update service level agreements with DSHS to ensure payments are sufficient and properly supported
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the Working Connections Child Care (WCCC) program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the TANF grant. The Department allocated the TANF grant to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds for the CCDF or TANF grants. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF and TANF source of funds with the same eligibility requirements, the Department is confident TANF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-052 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Refugee and Entrant Assistance program.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WARSSS, 2301WARSSS-00, 2301WARSSS-01, 2301WARSSS-02, 2301WARSSS-03, 2301WARSSS-04, 2301WARSSS-05, 2301WARCMA-00, 2301WARCMA-01, 2301WARCMA-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2023, the Department spent about $49.9 million in federal program funding. Of that amount, the Department passed through more than $18.2 million to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as result, reduce wasteful government spending.
In fiscal year 2023, the Department issued 29 subawards and 18 subaward amendments totaling $39.8 million to subrecipients that it was required to report in FSRS.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
The Department did not have written procedures on the reporting process and did not report any subawards in FSRS during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had no procedures in place to determine which subawards and amendments were required to be reported in FSRS. Additionally, management did not ensure that reports were submitted, as required.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance, including suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the Department:
• Establish effective internal controls and written procedures to ensure it reports all first-tier subawards of $30,000 or more, as required
• Verify all subawards and subaward amendments are reported in FSRS, as required
Department’s Response
The Department concurs with the auditor’s findings.
The Refugee and Entrant Assistance program will immediately report all first-tier subawards, including amendments, totaling $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS).
To ensure ongoing compliance with the Federal Funding Accountability and Transparency Act Reporting requirements, the Refugee and Entrant Assistance program will establish effective internal controls and written procedures to ensure:
• The program reports all first-tier initial subawards of $30,000 or more.
• If the initial award is below $30,000, the program tracks subsequent grant modifications and reports as soon as the modifications result in a total award equal to or over $30,000.
• Reports for submission will contain the required data elements.
In addition, the program will work with the Division of Finance and Financial Resources to develop and subsequently implement a process to verify all subawards and subaward amendments were reported in the Federal Funding Accountability and Transparency Act Subaward Reporting System.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii .For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-053 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WARSSS; 2301WARSSS-00;
2301WARSSS-01; 2301WARSSS-02;
2301WARSSS-03; 2301WARSSS-04;
2301WARSSS-05; 2301WARCMA-00;
2301WARCMA-01; 2301WARCMA-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2023, the Department spent about $49.9 million in federal program funding. Of that amount, the Department passed through more than $26 million to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit or program-specific audit. Furthermore, federal regulations require subrecipients to submit their audits in the Federal Audit Clearinghouse and to the pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes on to its subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions.
We found the Department did not have adequate internal controls in place to verify whether:
• Subrecipients met the audit threshold for federal assistance expended for their fiscal year
• Subrecipients received required audits, if necessary, and appropriate actions were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who received a single audit or program-specific audit
We found the Department did not monitor each of its 41 subrecipients to ensure they received a single audit, if required. Six of the subrecipients received single audits during the audit period. One of those six subrecipients’ audits included Refugee and Entrant Assistance as a major program.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department used accounting system reports to determine how much it reimbursed subrecipients with Refugee and Entrant Assistance funds. However, management did not monitor subrecipients to ensure they received single audits, as required. Additionally, management did not assign any specific employees the responsibility for reviewing subrecipient audit reports and findings.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the Department cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions, and management monitors them for effectiveness where required, the Department cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the Department:
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department concurs with the auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) will follow-up with the remaining 35 subrecipients to verify that they completed a single/program audit if they received $750,000 or more in federal assistance. For any subrecipients that have not been audited as required, ORIA will inform the subrecipient of the requirement and monitor for completion. ORIA will work with ESA accounting staff to review all completed audit reports and for any findings found, issue a management decision outlining their determination of the effectiveness of the subrecipients’ proposed corrective actions to address the findings. ESA Accounting will monitor the subrecipent’s corrective actions through completion.
To ensure ongoing compliance with subrecipient monitoring requirements, ORIA will work with ESA Accounting to establish and implement effective internal controls and written procedures to:
• Identify subrecipients who receive $750,000 or more annually in federal assistance from all sources.
• Verify if subrecipients completed required audits, if necessary, and take appropriate action if audits are not completed.
• Review single and program-specific audit reports for findings.
• Write and issue a management decision, when appropriate, within six months outlining the Department’s determination of the adequacy of the subrecipient’s proposed corrective actions to address the finding.
• Monitor the subrecipient’s corrective action plan for timely and effective completion.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-054 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WARSSS; 2301WARSSS-00;
2301WARSSS-01; 2301WARSSS-02;
2301WARSSS-03; 2301WARSSS-04;
2301WARSSS-05; 2301WARCMA-00;
2301WARCMA-01; 2301WARCMA-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2023, the Department spent about $49.9 million in federal program funding. Of that amount, the Department passed through more than $26 million to subrecipients.
Federal regulations require the Department to monitor the activities of subrecipients to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. This includes reviewing financial and performance reports required by the pass-through entity.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs.
The Department’s administrative policy 19.50.30 - Subrecipient Monitoring requires Department staff to conduct programmatic and fiscal monitoring of subrecipients. We found the Department did not monitor 33 out of 41 subrecipients to ensure compliance with Federal statutes, regulations, or that subaward performance goals are achieved.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had established administrative policies and procedures to monitor subrecipients for programmatic and fiscal compliance; however, ORIA program management did not accurately identify all program subrecipients to develop a comprehensive monitoring plan. In response to a prior audit finding ORIA program management implemented procedures for determining program subrecipients, however this change did not take effect until the end of the audit period.
The Department’s program management did not ensure subrecipients were correctly identified and did not review each subrecipient to ensure they were monitored for compliance, as required.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department cannot reasonably ensure that the subrecipient has complied with the terms and conditions of the subaward.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure all subrecipients are subject to fiscal and program monitoring, as required
• Establish effective internal controls to ensure subrecipients are accurately identified by Department program staff
• Establish internal controls to ensure Department staff review financial and performance-based reports for every subrecipient
• Monitor each subrecipient to obtain reasonable assurance that each subrecipients’ use of federal funds complies with federal laws and regulations, and the subaward terms and conditions
• Communicate to subrecipients any deficiencies noted during its review and ensure appropriate corrective action is taken to address the deficiencies
Department’s Response
The Department concurs with the auditor’s findings.
In response to audit finding 2021-015 covering a different grant administered by the Department’s Office of Refugee and Immigrant Assistance (ORIA), ORIA program staff created a Subrecipient vs. Contractor Determination tool. However, this determination tool was not established until April 2023 with implementation and training occurring April through June 2023.
For immediate compliance, ORIA will review all active contracts utilizing federal funding and ensure subrecipient status is correctly determined. ORIA has over 200 active contracts with more than 80 unique providers, most of which will require subrecipient monitoring. To address the significant workload that additional fiscal and programmatic monitoring will require, ORIA and ESA Accounting will explore the department’s ability to increase staff resources.
For ongoing compliance, ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Department of Social and Health Services, Administrative Policy 19.50.30, Subrecipient Monitoring, states in part:
Policy
E. Fiscal and programmatic monitoring must be completed. (See Attachment C – Sample DSHS Subrecipient Fiscal Monitoring Site Visit Tool)
Based on the result of the risk assessment, a desk or on-site review must be completed. Each Program has control over the form and content of its risk assessment tools.
1. If the risk assessment shows the entity is of low to medium risk, the entity may not require an on-site review. The following items, if available, must be documented in a desk review:
a) Entity’s invoices and documentation (A-19s).
b) Entity’s program or service and financial reports.
c) Surveys or feedback cards from clients.
d) Client complaints.
e) Entity’s audit or financial report follow up and ensuring all appropriate action has been taken on all items detected through audits, on-site reviews and any other means.
f) Entity’s indirect rate certification (Certificate of Indirect Costs, form 02-568 or plan), if applicable.
g) If any of the above are not reviewed within the desk review, supervisor approval and an explanation for the reason the items were unable or immaterial to be reviewed must be included within the desk review assessment tool.
2. If the risk assessment shows the entity is a high risk, an on-site visit is required. The program/division will assign the appropriate staff to conduct the on-site review. On-site reviews must include all items in a desk review. In addition, on-site reviews may include, as appropriate, the following items:
a) A review of the delivery of program services.
b) Discussions about the subrecipient’s problems and challenges.
c) Follow-up on identified problems from previous visits.
d) Review of faculty/personnel licensing.
e) Review of surveys and inspections performed by outside parties.
f) Interview of staff to determine whether they are familiar with the program.
g) Inspection of the entity’s facilities and operations.
h) Review of and compliance with the entity’s policies and procedures governing service delivery and financial processes.
i) Review of the entity’s monitoring/production reports.
j) Review of any independent limited scope program audits.
k) Verification of performance from outside source (e.g. sub-contractors).
l) Review of the entity’s self-risk assessment survey.
m) Review of internal controls.
n) Review of billing practices.
o) Review of allocation of costs.
p) Review of timesheets or activity reports.
q) Review of financial records.
E. Monitoring must be documented.
1. The ACD must be used to document all subrecipient-related monitoring activities.
2. Assigned staff must document all desk or on-site reviews performed. The program manager overseeing the contract is responsible for making sure that items included in the review are documented in the ACD by the end of the contract period.
Each program must maintain contract monitoring documentation per General Administration’s retention schedule (Administrative Policy 5.04, Records Retention).
2023-052 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Refugee and Entrant Assistance program.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WARSSS, 2301WARSSS-00, 2301WARSSS-01, 2301WARSSS-02, 2301WARSSS-03, 2301WARSSS-04, 2301WARSSS-05, 2301WARCMA-00, 2301WARCMA-01, 2301WARCMA-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2023, the Department spent about $49.9 million in federal program funding. Of that amount, the Department passed through more than $18.2 million to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as result, reduce wasteful government spending.
In fiscal year 2023, the Department issued 29 subawards and 18 subaward amendments totaling $39.8 million to subrecipients that it was required to report in FSRS.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
The Department did not have written procedures on the reporting process and did not report any subawards in FSRS during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had no procedures in place to determine which subawards and amendments were required to be reported in FSRS. Additionally, management did not ensure that reports were submitted, as required.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance, including suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the Department:
• Establish effective internal controls and written procedures to ensure it reports all first-tier subawards of $30,000 or more, as required
• Verify all subawards and subaward amendments are reported in FSRS, as required
Department’s Response
The Department concurs with the auditor’s findings.
The Refugee and Entrant Assistance program will immediately report all first-tier subawards, including amendments, totaling $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS).
To ensure ongoing compliance with the Federal Funding Accountability and Transparency Act Reporting requirements, the Refugee and Entrant Assistance program will establish effective internal controls and written procedures to ensure:
• The program reports all first-tier initial subawards of $30,000 or more.
• If the initial award is below $30,000, the program tracks subsequent grant modifications and reports as soon as the modifications result in a total award equal to or over $30,000.
• Reports for submission will contain the required data elements.
In addition, the program will work with the Division of Finance and Financial Resources to develop and subsequently implement a process to verify all subawards and subaward amendments were reported in the Federal Funding Accountability and Transparency Act Subaward Reporting System.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii .For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-053 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WARSSS; 2301WARSSS-00;
2301WARSSS-01; 2301WARSSS-02;
2301WARSSS-03; 2301WARSSS-04;
2301WARSSS-05; 2301WARCMA-00;
2301WARCMA-01; 2301WARCMA-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2023, the Department spent about $49.9 million in federal program funding. Of that amount, the Department passed through more than $26 million to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit or program-specific audit. Furthermore, federal regulations require subrecipients to submit their audits in the Federal Audit Clearinghouse and to the pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes on to its subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions.
We found the Department did not have adequate internal controls in place to verify whether:
• Subrecipients met the audit threshold for federal assistance expended for their fiscal year
• Subrecipients received required audits, if necessary, and appropriate actions were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who received a single audit or program-specific audit
We found the Department did not monitor each of its 41 subrecipients to ensure they received a single audit, if required. Six of the subrecipients received single audits during the audit period. One of those six subrecipients’ audits included Refugee and Entrant Assistance as a major program.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department used accounting system reports to determine how much it reimbursed subrecipients with Refugee and Entrant Assistance funds. However, management did not monitor subrecipients to ensure they received single audits, as required. Additionally, management did not assign any specific employees the responsibility for reviewing subrecipient audit reports and findings.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the Department cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions, and management monitors them for effectiveness where required, the Department cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the Department:
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department concurs with the auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) will follow-up with the remaining 35 subrecipients to verify that they completed a single/program audit if they received $750,000 or more in federal assistance. For any subrecipients that have not been audited as required, ORIA will inform the subrecipient of the requirement and monitor for completion. ORIA will work with ESA accounting staff to review all completed audit reports and for any findings found, issue a management decision outlining their determination of the effectiveness of the subrecipients’ proposed corrective actions to address the findings. ESA Accounting will monitor the subrecipent’s corrective actions through completion.
To ensure ongoing compliance with subrecipient monitoring requirements, ORIA will work with ESA Accounting to establish and implement effective internal controls and written procedures to:
• Identify subrecipients who receive $750,000 or more annually in federal assistance from all sources.
• Verify if subrecipients completed required audits, if necessary, and take appropriate action if audits are not completed.
• Review single and program-specific audit reports for findings.
• Write and issue a management decision, when appropriate, within six months outlining the Department’s determination of the adequacy of the subrecipient’s proposed corrective actions to address the finding.
• Monitor the subrecipient’s corrective action plan for timely and effective completion.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-054 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WARSSS; 2301WARSSS-00;
2301WARSSS-01; 2301WARSSS-02;
2301WARSSS-03; 2301WARSSS-04;
2301WARSSS-05; 2301WARCMA-00;
2301WARCMA-01; 2301WARCMA-02
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2023, the Department spent about $49.9 million in federal program funding. Of that amount, the Department passed through more than $26 million to subrecipients.
Federal regulations require the Department to monitor the activities of subrecipients to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. This includes reviewing financial and performance reports required by the pass-through entity.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs.
The Department’s administrative policy 19.50.30 - Subrecipient Monitoring requires Department staff to conduct programmatic and fiscal monitoring of subrecipients. We found the Department did not monitor 33 out of 41 subrecipients to ensure compliance with Federal statutes, regulations, or that subaward performance goals are achieved.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had established administrative policies and procedures to monitor subrecipients for programmatic and fiscal compliance; however, ORIA program management did not accurately identify all program subrecipients to develop a comprehensive monitoring plan. In response to a prior audit finding ORIA program management implemented procedures for determining program subrecipients, however this change did not take effect until the end of the audit period.
The Department’s program management did not ensure subrecipients were correctly identified and did not review each subrecipient to ensure they were monitored for compliance, as required.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department cannot reasonably ensure that the subrecipient has complied with the terms and conditions of the subaward.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure all subrecipients are subject to fiscal and program monitoring, as required
• Establish effective internal controls to ensure subrecipients are accurately identified by Department program staff
• Establish internal controls to ensure Department staff review financial and performance-based reports for every subrecipient
• Monitor each subrecipient to obtain reasonable assurance that each subrecipients’ use of federal funds complies with federal laws and regulations, and the subaward terms and conditions
• Communicate to subrecipients any deficiencies noted during its review and ensure appropriate corrective action is taken to address the deficiencies
Department’s Response
The Department concurs with the auditor’s findings.
In response to audit finding 2021-015 covering a different grant administered by the Department’s Office of Refugee and Immigrant Assistance (ORIA), ORIA program staff created a Subrecipient vs. Contractor Determination tool. However, this determination tool was not established until April 2023 with implementation and training occurring April through June 2023.
For immediate compliance, ORIA will review all active contracts utilizing federal funding and ensure subrecipient status is correctly determined. ORIA has over 200 active contracts with more than 80 unique providers, most of which will require subrecipient monitoring. To address the significant workload that additional fiscal and programmatic monitoring will require, ORIA and ESA Accounting will explore the department’s ability to increase staff resources.
For ongoing compliance, ORIA will work with contracts and accounting staff to develop effective internal controls and clear written procedures covering subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Department of Social and Health Services, Administrative Policy 19.50.30, Subrecipient Monitoring, states in part:
Policy
E. Fiscal and programmatic monitoring must be completed. (See Attachment C – Sample DSHS Subrecipient Fiscal Monitoring Site Visit Tool)
Based on the result of the risk assessment, a desk or on-site review must be completed. Each Program has control over the form and content of its risk assessment tools.
1. If the risk assessment shows the entity is of low to medium risk, the entity may not require an on-site review. The following items, if available, must be documented in a desk review:
a) Entity’s invoices and documentation (A-19s).
b) Entity’s program or service and financial reports.
c) Surveys or feedback cards from clients.
d) Client complaints.
e) Entity’s audit or financial report follow up and ensuring all appropriate action has been taken on all items detected through audits, on-site reviews and any other means.
f) Entity’s indirect rate certification (Certificate of Indirect Costs, form 02-568 or plan), if applicable.
g) If any of the above are not reviewed within the desk review, supervisor approval and an explanation for the reason the items were unable or immaterial to be reviewed must be included within the desk review assessment tool.
2. If the risk assessment shows the entity is a high risk, an on-site visit is required. The program/division will assign the appropriate staff to conduct the on-site review. On-site reviews must include all items in a desk review. In addition, on-site reviews may include, as appropriate, the following items:
a) A review of the delivery of program services.
b) Discussions about the subrecipient’s problems and challenges.
c) Follow-up on identified problems from previous visits.
d) Review of faculty/personnel licensing.
e) Review of surveys and inspections performed by outside parties.
f) Interview of staff to determine whether they are familiar with the program.
g) Inspection of the entity’s facilities and operations.
h) Review of and compliance with the entity’s policies and procedures governing service delivery and financial processes.
i) Review of the entity’s monitoring/production reports.
j) Review of any independent limited scope program audits.
k) Verification of performance from outside source (e.g. sub-contractors).
l) Review of the entity’s self-risk assessment survey.
m) Review of internal controls.
n) Review of billing practices.
o) Review of allocation of costs.
p) Review of timesheets or activity reports.
q) Review of financial records.
E. Monitoring must be documented.
1. The ACD must be used to document all subrecipient-related monitoring activities.
2. Assigned staff must document all desk or on-site reviews performed. The program manager overseeing the contract is responsible for making sure that items included in the review are documented in the ACD by the end of the contract period.
Each program must maintain contract monitoring documentation per General Administration’s retention schedule (Administrative Policy 5.04, Records Retention).
2023-055 The Department of Commerce did not have adequate internal controls over and did not comply with reporting requirements for the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WALIEA; 2101WALIEA; 2201WALIEI; 2101WALWC5; 2101WAE5C6; 2102WALWC6
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-039
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia, and territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2023, the Department spent more than $107 million in federal funds, about $99 million of which it paid to subrecipients.
The Department is required to collect and report program information through various reports.
LIHEAP Performance Data Form
The LIHEAP Performance Data Form has two modules. Module 1 is the Grant Recipient Survey that collects and reports data on sources and uses of LIHEAP funds. Module 2 is the performance measures used to report data on energy burden targeting and reduction, as well as the continuity of home energy service.
Annual Report on Households Assisted by LIHEAP
The Annual Report on Households is used to report data on the number, income levels, and demographic information on both households assisted and households applying for assistance.
Both reports are required to separate the data by regular LIHEAP funding and additional LIHEAP funding under the Coronavirus Aid, Relief, and Economic Security (CARES) Act, and the American Rescue Plan Act of 2021 (ARPA).
Quarterly Performance and Management Report
Starting in fiscal year 2023, the Quarterly Performance and Management Report was required to report aggregated data on total households assisted, performance management metrics, and estimated uses of LIHEAP funds, along with some narrative information about program implementation and support.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate controls over and did not comply with reporting requirements for the LIHEAP Performance Data Form and Annual Report on Households Assisted. The prior finding was number 2022-039. Two audits ago, we also reported the Department did not have adequate controls over and did not comply with reporting requirements for the Annual Report on Households Assisted. This finding number was 2021-032.
Description of Condition
The Department did not have adequate internal controls over and did not comply with the reporting requirements for LIHEAP.
We reviewed the LIHEAP Performance Data Form and Annual Report on Households Assisted for the federal fiscal year ending September 30, 2022. In addition, we reviewed the three Quarterly Performance and Management Reports that the Department submitted during the audit period. We examined each report and attempted to recalculate the information reported using the supporting documentation used to prepare the reports and data from the LIHEAP database.
Based on the data the Department provided, we identified the following:
LIHEAP Performance Data Form
• In Module 1 Estimated Sources and Uses of LIHEAP Funds, 11 of 16 fields (69 percent) were inaccurate, and the Department was not able to provide any support for eight of these 11.
• In Module 2 Household Data, 83 of 240 fields (35 percent) we examined were inaccurate.
• Most differences in the amounts reported and the data provided were between less than one percent and 100 percent.
• All households data were accurate, but subcategories isolating CARES funding and ARPA funding had variances ranging from (5,016) to 4,557 in the average annual household income data.
Annual Report on Households Assisted by LIHEAP
• 102 of 162 (63 percent) fields we examined were inaccurate.
• The differences in the amounts reported and data provided were between less than one percent and 100 percent.
• High level totals were generally accurate, but subcategories isolating CARES funding and ARPA funding had variances ranging from (1,780) to 767 in the number of households assisted.
Quarterly Performance Management Report
• All nine fields (100 percent) we examined were inaccurate.
• The differences between values reported and data provided were between 2 percent and 371 percent.
• The variances ranged in underreporting total households assisted by 7,932 to overreporting occurrences of households where LIHEAP restored home energy by 4,722.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure they properly reviewed and approved these reports before the Department submitted them. Furthermore, the Department did not retain source documentation used at the time of completing these reports, and the data from the LIHEAP database is real-time data that can change over time without the ability to track changes. As a result, the data provided to verify the reported amounts has changed since the time of report submission.
In addition, the Department did not properly follow reporting instructions to break down some data types and did not align rounding methodologies for calculating poverty levels according to reporting requirements. Department officials also said the agency is understaffed and experienced turnover among key personnel, including management, who are involved in preparing and submitting the reports.
Effect of Condition
By not retaining supporting documentation and source data for the reports, management was unable to demonstrate the amounts the Department reported to the federal grantor were complete and accurate.
Additionally, the terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance with reporting requirements by suspending or terminating the award, or withholding future awards, should it choose to do so.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure the reports are accurate and complete
• Ensure management is reviewing reports prior to submission
• Ensure supporting documentation and real-time data used to prepare the reports are retained
• Ensure all amounts reported align with reporting requirements and methodologies
• Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported
Department’s Response
The Department appreciates the State Auditor’s Office thorough review of our internal controls and compliance over reporting for the Low-Income Home Energy Assistance Program. The program confirms the reports were reviewed and approved by the Managing Director, the program manager did not retain written approvals.
The program will add the following bolded steps to the Department's procedures for LIHEAP federal reporting.
The retention of the source data at the time the reports are pulled will result in the Department and SAO reviewing the same data from the same time.
The Department follows the reporting process outlined below:
• Program manager pulls the necessary reports
• LIHEAP program manager will retain all data reports from the LIHEAP data system used for reporting.
• LIHEAP information technology staff will save a snapshot of the entire database from the date of the report. This will allow the State Auditor’s Office to review the actual information used for reporting.
• Managing director reviews reports before submittal.
• Managing director will send written/email approval to program manager
• Program manager will retain written approval for the State Auditor’s Office review
• Program manager submits reports once managing director approval is received.
• Program manager receives notice that the report has been accepted by the funder.
• Program manager saves a copy of the report, documentation, and acceptance
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Subpart 342, Monitoring and reporting program performance, states in part:
b. Non-construction performance reports. The HHS awarding agency must use standard, OMB-approved data elements for collection of performance information (including performance progress reports, Research Performance Progress Report, or such future collections as may be approved by OMB and listed on the OMB Web site).
1. The non-Federal entity must submit performance reports at the interval required by the HHS awarding agency or pass-through entity to best inform improvements in program outcomes and productivity. Intervals must be no less frequent than annually nor more frequent than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes. Annual reports must be due 90 calendar days after the reporting period; quarterly or semiannual reports must be due 30 calendar days after the reporting period. Alternatively, the HHS awarding agency or pass-through entity may require annual reports before the anniversary dates of multiple year Federal awards. The final performance report will be due 90 calendar days after the period of performance end date. If a justified request is submitted by a non-Federal entity, the HHS awarding agency may extend the due date for any performance report.
Title 45 CFR Part 96, Subpart 82, Required report on households assisted, states in part:
a. Each grantee which is a State or an insular area which receives an annual allotment of at least $200,000 shall submit to the Department, as part of its LIHEAP grant application, the data required by section 2605(c)(1)(G) of Public Law 97-35 (42 U.S.C. 8624(c)(1)(G)) for the 12-month period corresponding to the Federal fiscal year (October 1 – September 30) preceding the fiscal year for which funds are requested. The data shall be reported separately for LIHEAP heating, cooling, crisis, and weatherization assistance.
Office of Management and Budget, 2023 Compliance Supplement, Assistance Listing 93.568 Low-Income Home Energy Assistance Program, describes the compliance requirements for special and performance reporting.
The U.S. Department of Health and Human Services, Division of Energy Assistance, Office of Community Services, Administration of Children and Families, provides the following reporting instructions:
• Instructions for the LIHEAP Performance Data Form for FFY 2022
• Instructions for the LIHEAP Household Report for FFY 2022 – Long Form
• Instructions for Completion of the Quarterly Performance and Management Report for the Low-Income Home Energy Assistance Program
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11
2023-056 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subawards for the Low-Income Home Energy Assistance Program contained the federal award identification elements.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: U.S Department of Health & Human Services
Federal Award/Contract Number: 2301WALIEA, 2301WALIEE, 2301WALIEI, 2201WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Commerce administers the Low-Income Home Energy Assistance Program (LIHEAP), which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2023, the Department spent more than $107 million in federal funds, about $99 million of which it paid to subrecipients.
The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. During the audit period, the energy assistance program allocated funds to 26 subrecipients to assist low-income households with their energy costs, and the weatherization program allocated funds to 24 subrecipients for construction projects to increase the energy efficiency of homes and apartments. About 85 percent of LIHEAP funds go to the energy assistance program, with no more than 15 percent allocated for weatherization activities. Each program makes separate subawards to subrecipients.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified to a subrecipient as a subaward, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. LIHEAP management reviews subawards prior to execution to ensure all elements are included in the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure LIHEAP subawards contained the federal award identification elements.
During the audit period, the Department executed 126 LIHEAP subawards for the energy assistance and weatherization programs. The Department uses the same process for these two programs to ensure the 14 federal award identification elements are included in the subawards. We used a non-statistical sampling method to randomly select and examine 17 of these subawards to determine if the required information was included. We found that six energy assistance subawards (35 percent) did not have the correct FAIN. One of these six subawards (6 percent) also incorrectly communicated seven additional elements, and it did not properly differentiate separate projects and costs and, therefore, did not clearly communicate the allowable activities for each specific FAIN on the subaward.
We also judgmentally reviewed three additional energy assistance subawards. For all three, we found eight of the elements were not correctly communicated to the subrecipient, and they did not properly communicate the program’s allowable activities.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
In an effort to be more efficient, program management included two FAINs in one subaward. However, the FAINs had different information for some of the 14 federal award identification elements, and management did not ensure that the necessary information for each FAIN was included in the subaward.
Effect of Condition
By not clearly identifying the required information in subawards, the Department cannot ensure that subrecipients are adequately informed of program requirements for each federal award.
Recommendation
We recommend the Department establish policies and procedures and provide training for staff to ensure it includes all required federal award identification elements in subawards.
Department’s Response
The Department agrees with this finding. The wrong Federal Award Identification Numbers (FAIN) were entered incorrectly due to multiple awards and contracts being sent out.
While 13 of the 14 required elements were included, the issue with the multiple awards and FAINs on a single contract will be corrected. The Department will separate the FAIN information by award on the contract in the Contract Face Sheet (CFS), the Contract Information Sheet (CIS), and Section 1. Acknowledgment of Federal Funding in the Special & General Terms & Conditions of the contract. The information will be entered by the LIHEAP Commerce Specialist 3, reviewed by the LIHEAP Program Manager, and then reviewed by the Community & Economic Opportunities Managing Director prior to contracts being sent out.
In addition, the Requirements for Pass Through Entities fourteen elements will be communicated to all subrecipients via the Department required communication which was a required process Commerce implemented in 2022. This communication is included as part of each award issued to subrecipients as required by the Code of Federal Regulations.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, establishes requirements for pass-through entities.
Title 45 CFR Part 75, section 303, Subpart D - Standards for Financial and Program Management 3, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-057 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments and monitor subrecipients of the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: 2301WALIEA, 2201WALIEA, 2101WALIEA, 2301WALIEE, 2301WALIEI, 2201WALIEI, 2101WAE5C6, 2101WALWC6, 2101WALWC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Commerce administers the Low-Income Home Energy Assistance Program (LIHEAP), which provides financial assistance to low-income households to meet their energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2023, the Department spent more than $107 million in federal funds, about $99 million of which it paid to subrecipients.
The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. The energy assistance program allocated funds to
26 subrecipients to assist low-income households with their energy costs, and the weatherization program allocated funds to 24 subrecipients for construction projects to increase the energy efficiency of homes and apartments. About 85 percent of LIHEAP funds go to the energy assistance program, with no more than 15 percent allocated for weatherization activities. Each program makes separate subawards to subrecipients and conducts risk assessments and monitoring activities independently of each other. For weatherization, the Department includes other federal programs in the monitoring activity, and staff use a checklist to ensure all monitoring is performed.
Federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the terms and conditions of the subaward for determining the appropriate amount and type of subrecipient monitoring.
Federal regulations also require the Department to monitor the activities of its subrecipients as necessary to ensure that they use their subawards for authorized purposes, comply with the terms and conditions of their subawards, and achieve performance goals.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments and monitor LIHEAP subrecipients.
We did not identify issues with the energy assistance program during the audit period. However, we found the Department did not perform risk assessments for any of its 24 subrecipients (100 percent) for the weatherization program.
We used a non-statistical sampling method to randomly select and examine eight out of the 24 total weatherization subrecipients to determine if the Department conducted sufficient program and fiscal monitoring. We found Department staff did not fully complete the monitoring checklist for six subrecipients (75 percent). Also, for all eight subrecipients (100 percent), we could not determine if the monitoring activity was specific to the federal requirements for the program. Furthermore, we found seven subrecipients (88 percent) did not have adequate documentation to determine if the reimbursement requests reviewed were for the LIHEAP program.
Finally, the Department classified six out of the eight subrecipients examined as high risk and two as low risk. However, all subrecipients received the same level of monitoring regardless of their classified risk level.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department does not have adequate policies and procedures in place to ensure the risk assessments are completed and influence the level of monitoring activity. Furthermore, management did not adequately monitor employees performing the monitoring activity to ensure they properly completed the checklists. Department employees said staffing shortages contributed to delays in performing risk assessments, staff responsible for the risk assessments were not aware they must be completed within each fiscal year, and management did not ensure they were performed.
Furthermore, the weatherization program staff said their monitoring activity was focused on ensuring compliance for other federal programs, and they were not aware that monitoring activities must be specific to the requirements and terms and conditions of the LIHEAP awards.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Department is meeting federal requirements by performing the appropriate level of monitoring to ensure subrecipients comply with program requirements.
Furthermore, without proper and complete monitoring documentation, management cannot ensure that Department staff are adequately monitoring subrecipients.
Recommendations
We recommend the Department:
• Improve internal controls to ensure it performs required risk assessments
• Improve internal controls to ensure that all monitoring documentation is thorough and complete
• Ensure staff conduct program and financial monitoring that is clearly attributable to the federal award’s requirements
• Ensure that risk-based monitoring activities are specific to the federal award and distinguishable between low- and high-risk subrecipients
Department’s Response
The Department concurs with the finding. The Department’s Weatherization program conducts a robust risk assessment annually that includes multiple levels of risks across all programs. The risk assessment reviews risk per subrecipient and is separate from our monitoring process.
Over the course of the years of 2022 and 2023, the program underwent some significant staff changes. Three supervisor level positions were vacated and numerous programmatic staff positions changes were made which resulted in the annual risk assessment for fiscal year 2023 not being completed in time and missing data not recorded in monitoring reports.
The program’s monitoring team utilizes the risk assessment and other resources to determine the focus areas of weatherization monitoring, not necessarily the number of projects for inspection. The Department of Energy requires all grantees to inspect a minimum of 5% or 10% of completed units be inspected depending on if the agency has a waiver for an independent auditor and inspector. The monitoring team exceeds the DOE requirements by inspecting between 10 and 20 percent of all production, statewide.
The monitoring team does not delineate LIHEAP specific projects in their monitoring since very few are solely LIHEAP funded. The vast majority utilize a combination of federal, state and utility funding. The team reserves the right to increase the number of projects inspected based on agency risk and inspection results independent of the funding sources. However, the results of our monitoring in concert with the risk assessment and previously identified concerns determine if an elevated level of review is needed beyond the minimum standards.
The Department acknowledges the recommendations set forth by the State Auditor’s Office and plan to implement changes. The team is currently in the process of finalizing the 2023 Risk Assessment which is expected to be finalized by December 31, 2023. The process for the 2024 Risk Assessment will then commence and be completed by May 30, 2024. The team will incorporate a formal checklist process that will assign staff to tasks and include supervisory signatures to ensure compliance and timeliness. All supervisory positions have been filled.
A two day meeting is scheduled in January 2024 to review and update all monitoring processes, procedures, forms, and protocols. The goal is to better align monitoring forms and checklists with the risk assessment tools. The team recognizes the need to clarify the process and increase consistency for elevated levels of monitoring while ensuring that all required documentation and checklists are complete. This will include supervisor review and sign off at appropriate milestones of the monitoring process. We intend to have all monitoring forms updated by May 30, 2024. We will work in sync with our LIHEAP program manager to ensure we are in compliance with monitoring expectations specific to the program and determine how we might increase monitoring for weatherization LIHEAP projects. We appreciate the thorough review and feedback, the information provided assisted in our efforts to improve our weatherization monitoring process and service delivery.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-055 The Department of Commerce did not have adequate internal controls over and did not comply with reporting requirements for the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2201WALIEA; 2101WALIEA; 2201WALIEI; 2101WALWC5; 2101WAE5C6; 2102WALWC6
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-039
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia, and territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2023, the Department spent more than $107 million in federal funds, about $99 million of which it paid to subrecipients.
The Department is required to collect and report program information through various reports.
LIHEAP Performance Data Form
The LIHEAP Performance Data Form has two modules. Module 1 is the Grant Recipient Survey that collects and reports data on sources and uses of LIHEAP funds. Module 2 is the performance measures used to report data on energy burden targeting and reduction, as well as the continuity of home energy service.
Annual Report on Households Assisted by LIHEAP
The Annual Report on Households is used to report data on the number, income levels, and demographic information on both households assisted and households applying for assistance.
Both reports are required to separate the data by regular LIHEAP funding and additional LIHEAP funding under the Coronavirus Aid, Relief, and Economic Security (CARES) Act, and the American Rescue Plan Act of 2021 (ARPA).
Quarterly Performance and Management Report
Starting in fiscal year 2023, the Quarterly Performance and Management Report was required to report aggregated data on total households assisted, performance management metrics, and estimated uses of LIHEAP funds, along with some narrative information about program implementation and support.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate controls over and did not comply with reporting requirements for the LIHEAP Performance Data Form and Annual Report on Households Assisted. The prior finding was number 2022-039. Two audits ago, we also reported the Department did not have adequate controls over and did not comply with reporting requirements for the Annual Report on Households Assisted. This finding number was 2021-032.
Description of Condition
The Department did not have adequate internal controls over and did not comply with the reporting requirements for LIHEAP.
We reviewed the LIHEAP Performance Data Form and Annual Report on Households Assisted for the federal fiscal year ending September 30, 2022. In addition, we reviewed the three Quarterly Performance and Management Reports that the Department submitted during the audit period. We examined each report and attempted to recalculate the information reported using the supporting documentation used to prepare the reports and data from the LIHEAP database.
Based on the data the Department provided, we identified the following:
LIHEAP Performance Data Form
• In Module 1 Estimated Sources and Uses of LIHEAP Funds, 11 of 16 fields (69 percent) were inaccurate, and the Department was not able to provide any support for eight of these 11.
• In Module 2 Household Data, 83 of 240 fields (35 percent) we examined were inaccurate.
• Most differences in the amounts reported and the data provided were between less than one percent and 100 percent.
• All households data were accurate, but subcategories isolating CARES funding and ARPA funding had variances ranging from (5,016) to 4,557 in the average annual household income data.
Annual Report on Households Assisted by LIHEAP
• 102 of 162 (63 percent) fields we examined were inaccurate.
• The differences in the amounts reported and data provided were between less than one percent and 100 percent.
• High level totals were generally accurate, but subcategories isolating CARES funding and ARPA funding had variances ranging from (1,780) to 767 in the number of households assisted.
Quarterly Performance Management Report
• All nine fields (100 percent) we examined were inaccurate.
• The differences between values reported and data provided were between 2 percent and 371 percent.
• The variances ranged in underreporting total households assisted by 7,932 to overreporting occurrences of households where LIHEAP restored home energy by 4,722.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure they properly reviewed and approved these reports before the Department submitted them. Furthermore, the Department did not retain source documentation used at the time of completing these reports, and the data from the LIHEAP database is real-time data that can change over time without the ability to track changes. As a result, the data provided to verify the reported amounts has changed since the time of report submission.
In addition, the Department did not properly follow reporting instructions to break down some data types and did not align rounding methodologies for calculating poverty levels according to reporting requirements. Department officials also said the agency is understaffed and experienced turnover among key personnel, including management, who are involved in preparing and submitting the reports.
Effect of Condition
By not retaining supporting documentation and source data for the reports, management was unable to demonstrate the amounts the Department reported to the federal grantor were complete and accurate.
Additionally, the terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance with reporting requirements by suspending or terminating the award, or withholding future awards, should it choose to do so.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure the reports are accurate and complete
• Ensure management is reviewing reports prior to submission
• Ensure supporting documentation and real-time data used to prepare the reports are retained
• Ensure all amounts reported align with reporting requirements and methodologies
• Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported
Department’s Response
The Department appreciates the State Auditor’s Office thorough review of our internal controls and compliance over reporting for the Low-Income Home Energy Assistance Program. The program confirms the reports were reviewed and approved by the Managing Director, the program manager did not retain written approvals.
The program will add the following bolded steps to the Department's procedures for LIHEAP federal reporting.
The retention of the source data at the time the reports are pulled will result in the Department and SAO reviewing the same data from the same time.
The Department follows the reporting process outlined below:
• Program manager pulls the necessary reports
• LIHEAP program manager will retain all data reports from the LIHEAP data system used for reporting.
• LIHEAP information technology staff will save a snapshot of the entire database from the date of the report. This will allow the State Auditor’s Office to review the actual information used for reporting.
• Managing director reviews reports before submittal.
• Managing director will send written/email approval to program manager
• Program manager will retain written approval for the State Auditor’s Office review
• Program manager submits reports once managing director approval is received.
• Program manager receives notice that the report has been accepted by the funder.
• Program manager saves a copy of the report, documentation, and acceptance
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Subpart 342, Monitoring and reporting program performance, states in part:
b. Non-construction performance reports. The HHS awarding agency must use standard, OMB-approved data elements for collection of performance information (including performance progress reports, Research Performance Progress Report, or such future collections as may be approved by OMB and listed on the OMB Web site).
1. The non-Federal entity must submit performance reports at the interval required by the HHS awarding agency or pass-through entity to best inform improvements in program outcomes and productivity. Intervals must be no less frequent than annually nor more frequent than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes. Annual reports must be due 90 calendar days after the reporting period; quarterly or semiannual reports must be due 30 calendar days after the reporting period. Alternatively, the HHS awarding agency or pass-through entity may require annual reports before the anniversary dates of multiple year Federal awards. The final performance report will be due 90 calendar days after the period of performance end date. If a justified request is submitted by a non-Federal entity, the HHS awarding agency may extend the due date for any performance report.
Title 45 CFR Part 96, Subpart 82, Required report on households assisted, states in part:
a. Each grantee which is a State or an insular area which receives an annual allotment of at least $200,000 shall submit to the Department, as part of its LIHEAP grant application, the data required by section 2605(c)(1)(G) of Public Law 97-35 (42 U.S.C. 8624(c)(1)(G)) for the 12-month period corresponding to the Federal fiscal year (October 1 – September 30) preceding the fiscal year for which funds are requested. The data shall be reported separately for LIHEAP heating, cooling, crisis, and weatherization assistance.
Office of Management and Budget, 2023 Compliance Supplement, Assistance Listing 93.568 Low-Income Home Energy Assistance Program, describes the compliance requirements for special and performance reporting.
The U.S. Department of Health and Human Services, Division of Energy Assistance, Office of Community Services, Administration of Children and Families, provides the following reporting instructions:
• Instructions for the LIHEAP Performance Data Form for FFY 2022
• Instructions for the LIHEAP Household Report for FFY 2022 – Long Form
• Instructions for Completion of the Quarterly Performance and Management Report for the Low-Income Home Energy Assistance Program
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11
2023-056 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subawards for the Low-Income Home Energy Assistance Program contained the federal award identification elements.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: U.S Department of Health & Human Services
Federal Award/Contract Number: 2301WALIEA, 2301WALIEE, 2301WALIEI, 2201WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Commerce administers the Low-Income Home Energy Assistance Program (LIHEAP), which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2023, the Department spent more than $107 million in federal funds, about $99 million of which it paid to subrecipients.
The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. During the audit period, the energy assistance program allocated funds to 26 subrecipients to assist low-income households with their energy costs, and the weatherization program allocated funds to 24 subrecipients for construction projects to increase the energy efficiency of homes and apartments. About 85 percent of LIHEAP funds go to the energy assistance program, with no more than 15 percent allocated for weatherization activities. Each program makes separate subawards to subrecipients.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified to a subrecipient as a subaward, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. LIHEAP management reviews subawards prior to execution to ensure all elements are included in the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure LIHEAP subawards contained the federal award identification elements.
During the audit period, the Department executed 126 LIHEAP subawards for the energy assistance and weatherization programs. The Department uses the same process for these two programs to ensure the 14 federal award identification elements are included in the subawards. We used a non-statistical sampling method to randomly select and examine 17 of these subawards to determine if the required information was included. We found that six energy assistance subawards (35 percent) did not have the correct FAIN. One of these six subawards (6 percent) also incorrectly communicated seven additional elements, and it did not properly differentiate separate projects and costs and, therefore, did not clearly communicate the allowable activities for each specific FAIN on the subaward.
We also judgmentally reviewed three additional energy assistance subawards. For all three, we found eight of the elements were not correctly communicated to the subrecipient, and they did not properly communicate the program’s allowable activities.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
In an effort to be more efficient, program management included two FAINs in one subaward. However, the FAINs had different information for some of the 14 federal award identification elements, and management did not ensure that the necessary information for each FAIN was included in the subaward.
Effect of Condition
By not clearly identifying the required information in subawards, the Department cannot ensure that subrecipients are adequately informed of program requirements for each federal award.
Recommendation
We recommend the Department establish policies and procedures and provide training for staff to ensure it includes all required federal award identification elements in subawards.
Department’s Response
The Department agrees with this finding. The wrong Federal Award Identification Numbers (FAIN) were entered incorrectly due to multiple awards and contracts being sent out.
While 13 of the 14 required elements were included, the issue with the multiple awards and FAINs on a single contract will be corrected. The Department will separate the FAIN information by award on the contract in the Contract Face Sheet (CFS), the Contract Information Sheet (CIS), and Section 1. Acknowledgment of Federal Funding in the Special & General Terms & Conditions of the contract. The information will be entered by the LIHEAP Commerce Specialist 3, reviewed by the LIHEAP Program Manager, and then reviewed by the Community & Economic Opportunities Managing Director prior to contracts being sent out.
In addition, the Requirements for Pass Through Entities fourteen elements will be communicated to all subrecipients via the Department required communication which was a required process Commerce implemented in 2022. This communication is included as part of each award issued to subrecipients as required by the Code of Federal Regulations.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, establishes requirements for pass-through entities.
Title 45 CFR Part 75, section 303, Subpart D - Standards for Financial and Program Management 3, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-057 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments and monitor subrecipients of the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: 2301WALIEA, 2201WALIEA, 2101WALIEA, 2301WALIEE, 2301WALIEI, 2201WALIEI, 2101WAE5C6, 2101WALWC6, 2101WALWC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Commerce administers the Low-Income Home Energy Assistance Program (LIHEAP), which provides financial assistance to low-income households to meet their energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2023, the Department spent more than $107 million in federal funds, about $99 million of which it paid to subrecipients.
The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. The energy assistance program allocated funds to
26 subrecipients to assist low-income households with their energy costs, and the weatherization program allocated funds to 24 subrecipients for construction projects to increase the energy efficiency of homes and apartments. About 85 percent of LIHEAP funds go to the energy assistance program, with no more than 15 percent allocated for weatherization activities. Each program makes separate subawards to subrecipients and conducts risk assessments and monitoring activities independently of each other. For weatherization, the Department includes other federal programs in the monitoring activity, and staff use a checklist to ensure all monitoring is performed.
Federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the terms and conditions of the subaward for determining the appropriate amount and type of subrecipient monitoring.
Federal regulations also require the Department to monitor the activities of its subrecipients as necessary to ensure that they use their subawards for authorized purposes, comply with the terms and conditions of their subawards, and achieve performance goals.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments and monitor LIHEAP subrecipients.
We did not identify issues with the energy assistance program during the audit period. However, we found the Department did not perform risk assessments for any of its 24 subrecipients (100 percent) for the weatherization program.
We used a non-statistical sampling method to randomly select and examine eight out of the 24 total weatherization subrecipients to determine if the Department conducted sufficient program and fiscal monitoring. We found Department staff did not fully complete the monitoring checklist for six subrecipients (75 percent). Also, for all eight subrecipients (100 percent), we could not determine if the monitoring activity was specific to the federal requirements for the program. Furthermore, we found seven subrecipients (88 percent) did not have adequate documentation to determine if the reimbursement requests reviewed were for the LIHEAP program.
Finally, the Department classified six out of the eight subrecipients examined as high risk and two as low risk. However, all subrecipients received the same level of monitoring regardless of their classified risk level.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department does not have adequate policies and procedures in place to ensure the risk assessments are completed and influence the level of monitoring activity. Furthermore, management did not adequately monitor employees performing the monitoring activity to ensure they properly completed the checklists. Department employees said staffing shortages contributed to delays in performing risk assessments, staff responsible for the risk assessments were not aware they must be completed within each fiscal year, and management did not ensure they were performed.
Furthermore, the weatherization program staff said their monitoring activity was focused on ensuring compliance for other federal programs, and they were not aware that monitoring activities must be specific to the requirements and terms and conditions of the LIHEAP awards.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Department is meeting federal requirements by performing the appropriate level of monitoring to ensure subrecipients comply with program requirements.
Furthermore, without proper and complete monitoring documentation, management cannot ensure that Department staff are adequately monitoring subrecipients.
Recommendations
We recommend the Department:
• Improve internal controls to ensure it performs required risk assessments
• Improve internal controls to ensure that all monitoring documentation is thorough and complete
• Ensure staff conduct program and financial monitoring that is clearly attributable to the federal award’s requirements
• Ensure that risk-based monitoring activities are specific to the federal award and distinguishable between low- and high-risk subrecipients
Department’s Response
The Department concurs with the finding. The Department’s Weatherization program conducts a robust risk assessment annually that includes multiple levels of risks across all programs. The risk assessment reviews risk per subrecipient and is separate from our monitoring process.
Over the course of the years of 2022 and 2023, the program underwent some significant staff changes. Three supervisor level positions were vacated and numerous programmatic staff positions changes were made which resulted in the annual risk assessment for fiscal year 2023 not being completed in time and missing data not recorded in monitoring reports.
The program’s monitoring team utilizes the risk assessment and other resources to determine the focus areas of weatherization monitoring, not necessarily the number of projects for inspection. The Department of Energy requires all grantees to inspect a minimum of 5% or 10% of completed units be inspected depending on if the agency has a waiver for an independent auditor and inspector. The monitoring team exceeds the DOE requirements by inspecting between 10 and 20 percent of all production, statewide.
The monitoring team does not delineate LIHEAP specific projects in their monitoring since very few are solely LIHEAP funded. The vast majority utilize a combination of federal, state and utility funding. The team reserves the right to increase the number of projects inspected based on agency risk and inspection results independent of the funding sources. However, the results of our monitoring in concert with the risk assessment and previously identified concerns determine if an elevated level of review is needed beyond the minimum standards.
The Department acknowledges the recommendations set forth by the State Auditor’s Office and plan to implement changes. The team is currently in the process of finalizing the 2023 Risk Assessment which is expected to be finalized by December 31, 2023. The process for the 2024 Risk Assessment will then commence and be completed by May 30, 2024. The team will incorporate a formal checklist process that will assign staff to tasks and include supervisory signatures to ensure compliance and timeliness. All supervisory positions have been filled.
A two day meeting is scheduled in January 2024 to review and update all monitoring processes, procedures, forms, and protocols. The goal is to better align monitoring forms and checklists with the risk assessment tools. The team recognizes the need to clarify the process and increase consistency for elevated levels of monitoring while ensuring that all required documentation and checklists are complete. This will include supervisor review and sign off at appropriate milestones of the monitoring process. We intend to have all monitoring forms updated by May 30, 2024. We will work in sync with our LIHEAP program manager to ensure we are in compliance with monitoring expectations specific to the program and determine how we might increase monitoring for weatherization LIHEAP projects. We appreciate the thorough review and feedback, the information provided assisted in our efforts to improve our weatherization monitoring process and service delivery.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-065 The Department of Children, Youth, and Families did not have adequate controls over and did not comply with certain requirements of its Public Assistance Cost Allocation Plan.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-047
Background
As a condition of receiving federal grant funds, the Department of Children, Youth, and Families must submit a Public Assistance Cost Allocation Plan (PACAP) to the U.S. Department of Health and Human Services each state fiscal year. The PACAP describes how the Department is authorized to allocate indirect costs like overhead and general administrative expenses to all funding sources, including federal grants.
The Department uses the Cost Allocation System (CAS), a subsystem of the Agency Financial Reporting System (AFRS), to execute its PACAP. The Department develops appropriate methodologies and updates cost allocation base input tables that contain cost objectives, which automatically distribute the cost of payments to either state, local or federal funding sources. The tables in CAS can be added, deleted, changed, or inactivated each calendar month.
As part of its cost allocation process, the Department establishes bases that are used to distribute costs to multiple funding sources. Each base consists of elements that are assigned a percentage that dictates how much of the original payment is allocated to it. For example, a base could be made up of three elements that allocate 35 percent, 25 percent, and 40 percent, respectively, that will total 100 percent. Records of these bases are kept in workbooks that management reviews and approves before they are uploaded or keyed into AFRS for use.
In fiscal year 2023, the Department allocated about $18 million in indirect costs to the Foster Care grant.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate controls over and did not comply with certain requirements of its PACAP. The prior finding number was 2022-047.
Description of Condition
The Department did not have adequate controls over and did not comply with certain requirements of its PACAP. According to the Department’s PACAP, Base 100, which are charges for administrative costs, should be updated monthly with full-time equivalents disbursed to reflect the work that agency staff have performed. This method allows the Department to allocate administrative charges proportionately to the staffing level required to meet the program’s needs.
We examined five monthly workbooks completed during the audit period. We found the Department did not complete a workbook for one month of the audit period (September 2022).
We determined this internal control deficiency to be a material weakness that led to material noncompliance.
Cause of Condition
Management did not assign sufficient staffing resources to ensure all monthly workbooks were completed in accordance with the Department’s approved PACAP.
Effect of Condition
The Department’s inadequate internal controls affected the accuracy of the indirect costs charged to the Foster Care grant. When workbooks are not updated, the Department increases its risk of undercharging or improperly allocating indirect costs to the Foster Care program.
Recommendation
We recommend the Department strengthen internal controls to ensure that monthly workbooks are properly updated in accordance with the approved PACAP.
Department’s Response
The Department concurs with the finding.
The Department did not have adequate staffing levels to maintain the business processes for one workbook for the Public Assistance Cost Allocation Plan (PACAP) cost base 100 for the administrative charges during the state and federal fiscal year close deadlines. Available staff were focused on grant reconciliations and closing out the prior fiscal year financial transactions. The Department is committed to improving our internal controls and has reviewed the base edit form written procedures with staff and added monthly reminders for the Cost Allocation and Grants Management Unit. In addition, the Department has confirmed that all cost base 100 workbooks have been properly completed for state fiscal year 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 95, Subpart E – Cost Allocation Plans, section 95.501, Purpose, states:
(a) Preparation, submission, and approval of State agency cost allocation plans for public assistance programs; and
(b) Adherence to approved cost allocation plans in computing claims for Federal financial participation.
Public Assistance Cost Allocation Plan – Appendix 3 Administrative Costs, Base 100, states in part: FTEs are based on actual months and are reported by funding source. This information is obtained on a monthly basis from the Enterprise Reporting system at DCYF and is used on a rolling period with a one-month lag. For example, the FTEs for July would be used in the September plan.
2023-066 The Department of Children, Youth, and Families did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-048
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds, including about $11.6 million for travel and family visits.
Parent-child visits are a key strategy for minimizing a child’s time in out-of-home care and working toward family reunification. The Department creates a visit plan based on dependency court order visit requirements and other information to ensure the child’s safety. This visit plan is created and saved in a system called FamLink. When the Department needs contracted family time services, it sends a visit plan/referral through a FamLink-Sprout interface. Visit coordinators send this referral to the most appropriate contracted service provider through the Sprout system. These referrals authorize the contracted provider to provide the needed services. After the visit, contracted service providers complete visit reports, which include travel mileage and travel time. Based on these reports and information the contractor enters into the Sprout system, the system creates an invoice based on billable services and rates. To catch errors and ensure quality assurance, Sprout reports and invoices are reviewed and approved by the contracted service provider administrator or manager. The Department pays the provider solely based on the summary-level information entered into Sprout.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure payments to providers for family visits were allowable and adequately supported for the Foster Care program. The prior finding numbers were 2022-048 and 2021-040.
Description of Condition
The Department did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
The Department did not follow its procedures for performing fiscal monitoring of contracted service providers to ensure federally funded payments for travel and family visits were adequately supported and only for allowable activities.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department was unable to fully implement the corrective action plan during the audit period.
Effect of Condition
By not performing adequate fiscal monitoring, the Department cannot ensure payments for travel and family visits are allowable and adequately supported.
Recommendation
We recommend the Department follow its fiscal monitoring procedures to ensure payments to providers for travel and family visits are allowable and adequately supported.
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department did not have the opportunity to fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. There by the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
In April 2023, the Fiscal Integrity Unit, within the Financial and Business Services Division (FBSD), worked with the Child Welfare and Information Technology Divisions to implement the following internal controls:
• Utilized algorithms in the Sprout system to identify reimbursement requests outside of a reasonable amount.
• Required providers to submit additional documentation or explanation for those identified amounts.
• Implemented a re-run process for prior billing periods to eliminate potential double billings by providers.
• Trained headquarters and field office accounting staff to utilize the new algorithms and review additional documentation prior to processing payments.
In August 2023, the Contracts Compliance Team, within the FBSD, hired one new staff dedicated to reviewing all regional client service child welfare contracts including family time visit payments and will hire an additional staff in December 2023. The Contracts Compliance Team developed compliance audit plans for child welfare contracts and began fiscal monitoring of family time visit payments in November 2023.
The Department also required additional review and approvals by program staff for the Network Administrator in Eastern Washington for invoices prior to release of payment. The Department continues to identify and implement regional program approvals for Western Washington providers and implement fiscal monitoring controls to ensure payments to providers for travel and family visits are allowable and adequately supported.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-067 The Department of Children, Youth, and Families did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds, including about $8.6 million for foster care maintenance payments to family foster homes.
These monthly maintenance payments help licensed caregivers (foster parents and licensed kinship caregivers) meet the needs of children and youth experiencing foster care. The Department’s Federal Funding Unit manages each of its Title IV-E foster care cases. Title IV-E Specialists are stationed throughout the state and screen all new foster care cases for Title IV-E Eligibility.
When children or youth are placed in foster care homes, specialists meet with caregivers to discuss the amount of time they spend meeting a child’s needs. To ensure maintenance payments are accurate and allowable, the specialists enter the caregivers’ answers into the Foster Care Rate Assessment tool, which calculates the appropriate reimbursement rate for caregivers’ time spent meeting a child’s needs. Prior to payment, a Department supervisor reviews the rate in a system called FamLink. These reimbursement rates must be reassessed every six months.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
We used a statistical sampling method to randomly select and examine 59 foster care maintenance payments out of a total population of 22,538 made during the audit period. We found that the Department did not perform six-month reviews of the reimbursement rates for five payments.
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management said limitations with the FamLink system prevented the Department from running reports to verify that rate assessments were reviewed timely. Additionally, management did not establish another method to monitor these requirements.
Effect of Condition
By not performing six-month reviews of all reimbursement rates, the Department cannot ensure it provided accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
Recommendation
We recommend the Department establish adequate internal controls to ensure it performs all six-month reviews of caregivers’ reimbursement rates for the Foster Care program.
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department utilizes FamLink as the case management system for Foster Care which due to system limitations did not have the reporting capabilities to track rate setting reviews during the audit period. The Department created a report in FamLink to assist rate assesors in identifying six-month reviews that had not been performed timely. This tool has helped supervisors identify late rate assessments but has not helped them track six-month rate assessment due dates. A request has been submitted to the Department’s Office of Innovation, Alignment, and Accountability to update the report to show when the next rate assessment is due. Until this report update is completed, the supervisors will be performing monthly tracking to assist with internal controls and compliance with reviews.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 110-50-0490, How often do the foster parent and caseworker meet to complete the rate assessment?, states:
The caseworker or designated rate assessment specialist will meet with the foster parent in person or telephonically to complete the assessment:
1.Within thirty days of the child’s placement in the foster parent’s home;
2.At least every six months after the first assessment, except under limited circumstances that serve the best interest of the child; and
When there is a significant change in circumstances for the child or in the foster parent’s ability or time required to meet the child’s needs.
2023-068 The Department of Children, Youth, and Families did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-050
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned to home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for the adults in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
Prospective foster parents and other out-of-home caregivers, as well as any adults residing in the prospective caregivers' households must pass the background check. During an emergency situation when a child must be placed in out-of-home care due to the absence of appropriate parents or custodians, the Department shall request a federal name-based criminal history record check of each adult residing in the home of the potential placement resource. Upon receipt of the results of the name-based check, the Department shall provide a complete set of each adult resident's fingerprints to the Washington state patrol for submission to the federal bureau of investigation within 15 calendar days from the date the name search was conducted. The child shall be removed from the home immediately if any adult resident fails to provide fingerprints and written permission to perform a federal criminal history record check when requested.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds. This included about $33.3 million for payments to providers for direct client services, with $1.4 million paid to licensed group care facilities and $13.3 million paid to foster family homes. State and federal law require background checks for foster family homes and licensed group care facilities.
Licensed group care facilities
Licensed group care facilities are maintained and operated for groups of children on a 24-hour basis to provide safe, healthy living environments that meet the developmental needs of the children in care. These facilities are not permanent homes, but they provide a higher level of care for the foster children who are in them. Before a facility becomes licensed, it must complete an application that the Department reviews to ensure the facility is compliant with licensing requirements. This includes ensuring all people working in the facility have cleared background checks, which is a requirement in state and federal law.
After the initial application, the Department requests the group care facility to provide quarterly reports of new and existing employees to ensure all have cleared background checks before they are allowed unsupervised access to children. To track this, the Department enters employees’ information and the facilities they work at into the FamLink system. FamLink is a service delivery and support system the Department uses to track clients statewide, and management uses it to track service performance and outcomes.
Foster family homes
Prospective foster parents, as well as any adults residing in prospective caregivers’ households, must have satisfactorily met background checks. These checks, including state and federal criminal records and child abuse and neglect central registries, are part of the process of assessing the suitability of these caregivers to provide a safe home for children placed in their care.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure group care facility employees had cleared background checks before having unsupervised access to children. The prior finding number was 2022-050.
Description of Condition
The Department did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Licensed group care facilities
In the prior audit, we found that the Department did not effectively monitor when employees started working in facilities. Without documenting employees’ start date of employment, the Department cannot ensure they had cleared background checks before having unsupervised access to children. We found this internal control weakness still existed in the current audit because the Department was not able to fully implement its corrective action plan during the audit period. We tested a sample of background checks for facility staff to ensure they were performed properly and determined they were.
Foster family homes
We used a statistical sampling method to randomly select and examine 56 out of 493 households whose adult residents required background checks to ensure they were performed properly. We found the Department placed one child in emergent care with two adults who did not receive timely fingerprint checks within the required timeline of 15 calendar days. The adults in the household had their fingerprint checks at 17 days and were determined eligible for foster child placement.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies, but did not fully implement it during the current audit period.
Further, the Department provided a complete set of each adult resident’s fingerprints to the Washington State Patrol two days late.
Effect of Condition
Without documenting employees’ start dates, the Department cannot ensure they have cleared background checks before beginning work. By not adequately monitoring group care facility employees’ start dates, ineligible employees could have unsupervised access to foster care children before they have cleared the required background checks.
In addition, by not obtaining timely fingerprint background checks for emergent placements, children may be in unsafe environments that affect their health and safety.
Recommendations
We recommend the Department:
• Strengthen its internal controls and ensure all group care facility employees have cleared background checks before beginning work
• Ensure it provides the Washington State Patrol with all fingerprint background checks for emergent placements within 15 calendar days from the date the name search was conducted
Department’s Response
The Department is committed to ensuring the health, safety, and well-being of all children in our care. As to the Auditor’s specific findings, the Department partially concurs and offers the following detail:
Licensed group care facilities
As stated in the audit finding section, Description of Condition, all group care facility staff sampled during the audit had a cleared background check prior to working in the facility. While we agree the use of definitions such as “effective date” and “start date” could be misleading, we do not concur the Department did not have adequate internal controls to ensure group care facility employees had cleared background checks before having unsupervised access to children. We are confident that staff who work with children and youth have a cleared background check.
The Department concurs we do not document staff members’ start dates in FamLink. FamLink is used to document background clearance information, but it only allows for one date to be entered as the “effective date.” This “effective date” is imported to the Background Check System as the “start date.” The Department’s Licensing Division enters the “effective date” as the date that the background check paperwork on an applicant/staff member is received from the facility, this is to verify the correct applicant/staff member whose background check is being processed. The data pulled as part of the audit referenced the “start date” from the Background Check System, which the auditor’s office interpreted as hire date or first date they began work in the facility, which was not accurate.
As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
To strengthen internal controls and documentation, effective April 1, 2023, the Department implemented a corrective action plan for processing background checks for group care facilities in response to the prior audit. Applicant/staff member background check request forms are submitted directly to the Background Check Unit by the facility. The Background Check Unit processes a fingerprint background check, a child abuse/neglect history check, and if applicable, a suitability assessment. The results are then provided to the Licensing Division and the group care facility. If the applicant is cleared, the Licensing Division staff adds the staff member to the group care facility in FamLink. The new “effective date” in FamLink is the final approval from the Background Check Unit. In addition, regional licensors continue to conduct yearly health and safety monitoring visits, which includes a random sample review of personnel files containing background check information.
Foster family homes
As noted in the Background Section of the finding, RCW 26.44.240 does state the Department must immediately remove a child, but the Department is required to recommend removal of the child to the court and receive approval prior to taking action. The court does not always rule in the Department’s favor and the child remains in the placement.
As to the specific exceptions identified, the household that completed fingerprints two days after the required 15 calendar day period was delayed due to one of the applicants last name being misspelled in the system. The applicant was turned away at their fingerprint appointment due to the misspelling causing the delay in the timeline for both members of the household. The applicant notified the Department and once the name was corrected the applicant was able to fingerprint and both applicants in the household received a “no record” result as was reported on their initial National Crime Information Center (NCIC) Code X checks prior to the emergent placement.
Auditor’s Remarks
We appreciate the Department’s commitment to resolving these matters.
The purpose of our testing was to ensure employees had a clear background check prior to them working at the group home facility. We knew that the “start date” from the Background Check System was not the first date an employee began working in the facility. During our review, we did not use the start dates in the system, but instead reviewed supporting documentation to identify the actual start dates when possible. However, the Department was unable to demonstrate whether some employees had clear background checks before working because they did not have the start date of their employment.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code § 671 - State plan for foster care and adoption assistance, specifies the federal requirements for background checks.
RCW 43.43.837, Fingerprint-based checks—Requirements for applicants and service providers—Shared background checks—Fees—Rules to establish financial responsibility.
RCW 26.44.240, Out-of-home care—Emergency placement—Criminal history record check.
Department of Children, Youth, and Families, Policies and Procedures 6800 – Background Checks
2023-069 The Department of Children, Youth, and Families did not have adequate internal controls over reporting requirements for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Requirement: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-051
Background
The purpose of the Foster Care program is to provide safe and stable out-of-home care for children under placement and care authority of state welfare agencies. To accomplish this, the Administration for Children and Families (ACF) in the U.S. Department of Health and Human Services (HHS) offers financial support to states to offset the cost of foster care maintenance for eligible children, administrative costs to manage the program, and training for state agency staff, foster parents and qualified private agency staff. As of June 2023, about 8,000 children were in Washington’s foster care system. In fiscal year 2023, the Department spent almost $140.5 million in federal program funds.
Within 30 days after each fiscal quarter, the Department of Children, Youth, and Families is required to file the CB-496: Title IV-E Programs Quarterly Financial Report with HHS. This report identifies the Department’s Foster Care program expenditures, and the number of children it has served. The ACF relies on the information reported to award funds, determine the allowability of the reported expenditures, and provide reports to Congress.
To complete the CB-496, Department management creates a crosswalk by examining the Department’s chart of accounts and expenditure-codes in relation to HHS’s published CB-496 instructions. This ensures that the reports ran will produce the required information for each line of the CB-496.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program. The prior finding number was 2022-051.
Description of Condition
The Department did not have adequate internal controls over reporting requirements for the Foster Care program.
During our review of all four quarterly crosswalks, we found the Department did not have the correct account coding to report fields correctly. Out of the four quarterly crosswalks, the Department had 117 lines in aggregate, and 12 (10 percent) of the lines were incorrect.
We also reviewed all four reports the Department submitted during the audit period, and we found that all of them contained inaccuracies. In total, the Department overreported its program expenditures by a total of $571,586. The Department also overstated the total number of children receiving foster care benefits by 153.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
When completing the quarterly reports, the Department did not follow HHS’s published instructions. It was found that the Department did not create accurate crosswalks to ensure reports were run properly, and although there was an established review process, the reviews performed were insufficient to detect errors in the reports. Management advised that due to competing priorities and staffing shortages, the Department had limited capacity to thoroughly review the reports before submitting them to HHS.
Effect of Condition
Because HHS uses these reports to determine award amounts and whether reported expenditures are allowable, it may have relied on inaccurate data to make these determinations for the Department. The grant agreement also allows HHS to take action for the Department’s noncompliance, which can include temporarily withholding funds, wholly or partly suspending or terminating the award, and withholding further program awards.
Recommendations
We recommend the Department:
• Follow HHS’s published instructions when completing the quarterly CB-496 reports
• Strengthen its review processes to ensure the reports are accurate and supported before submitting them to HHS
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department acknowledges errors were made in the quarterly reports and crosswalks. The Department partially concurs with the SAO findings. As to the Auditor’s specific findings, the Department offers the following detail:
Quarterly Crosswalks
The Department provided electronic copies of the quarterly crosswalks to SAO for the reporting period being reviewed. During a previous audit SAO recommended that the Department maintain paper copies of the crosswalks and reports to show review and approvals. The paper copies of the crosswalks notated the changes made during the review and approval process for the quarterly reports. Due to staffing and limited time available the paper copies were not reviewed and provided to SAO to clear the exceptions identified above. The incorrect crosswalk information did not have an impact on the accuracy of the data reported.
Inaccurate Reports
SAO stated the Department over reported its program expenditures by a total of $571,586. The Department does not concur with the total amount determine. The FFY22 Quarter 4 report was noted as overstated by $254,721, but the expenditures were correctly reported; however the crosswalk used as reference was documented incorrectly. As stated above the incorrect crosswalk information did not have an impact on the expenditure data reported.
As to the FFY23 Quarter 3 report, the Department has reconciled the data and determined that we over reported by $237,212. The Department will submit a correction to the federal partner during the next reporting period.
The Department will review and strengthen our internal processes in order to complete the quarterly reports accurately.
Auditor’s Remarks
We appreciate the Department’s commitment to strengthening its internal processes to complete the quarterly reports accurately.
Quarterly Crosswalks
Based on our understanding of the process, obtained from the Department, the purpose of the Crosswalks is to create guidelines for accurately completing the CB-496 reports and is one of the key internal controls the Department asserted ensured accuracy of the CB-496 reports. This key internal control was confirmed by the Department on July 26, 2023. During our compliance testing, we noted several exceptions that resulted from the inaccuracy of the crosswalks.
Inaccurate Reports
The instructions on the Crosswalk indicate certain line items should be subtracted to determine the amount to be reported. The instructions provided by the Federal Government for line 7a, In-Placement Administrative Costs – Provider and Agency Management, indicate lines 11a through 14b need to be subtracted. In the crosswalks the Department stated that only Line 13a was subtracted. Therefore, $254,721 more was reported on the CB-496 than instructions indicated.
We reaffirm our finding, and we will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 201, Grants to States for Public Assistance Programs, establishes applicable requirements for form and manner of submittal of the estimates for public assistance grants.
Section 201.5 Grants, states in part:
(a) Form and manner of submittal.
1. Time and place: The estimates for public assistance grants for each quarterly period must be forwarded to the regional office 45 days prior to the period of the estimate. They include a certification of State funds available and a justification statement in support of the estimates. A statement of quarterly expenditures and any necessary supporting schedules must be forwarded to the Department of Health and Human Services, Family Support Administration, not later than 30 days after the end of the quarter.
2. Description of forms: “State Agency Expenditure Projection – Quarterly Projection by Program” represents the State agency’s estimate of the total amount and the Federal share of expenditures for assistance, services, training, and administration to be made during the quarter for each of the public assistance programs under the Act. From these estimates the State and Federal shares of the total expenditures are computed. The State’s computed share of total estimated expenditures is the amount of State and local funds necessary for the quarter. The federal share is the basis for the funds to be advanced for the quarter. The State agency must also certify, on this form or otherwise, the amount of State funds (exclusive of any balance of advances received from the Federal Government) actually on hand and available for expenditure; this certification must be signed by the executive officer of the State agency submitting the estimate or a person officially designated by him, or by a fiscal officer of the State if required by State law or regulation. (A form “Certificate of Availability of State Funds for Assistance and Administration during Quarter” is available for submitting this information, but its use is optional.) If the amount of State funds (or State and local funds if localities participate in the program), shown as available for expenditures is not sufficient to cover the State’s proportionate share of the amount estimated to be expended, the certification must contain a statement showing the source from which the amount of the deficiency is expected to be derived and the time when this amount is expected to be made available.
The State agency must also submit a quarterly statement of expenditures for each of the public assistance programs under the Act. This is an accounting statement of the disposition of the Federal funds granted for past periods and provides the basis for making the adjustments necessary when the State’s estimate for any prior quarter was greater or less than the amount the State actually expended in that quarter. The statement of expenditures also shows the share of the Federal Government in any recoupment, from whatever source, including for title IV-A the appropriate share of child support collections made by the State, of expenditures claimed in a prior period, and also in expenditures not properly subject to Federal financial participation which are acknowledged by the State agency, including the share of the Federal Government for uncashed and cancelled checks as described at 45 CFR 201.67 and replacement checks as described at 45 CFR 201.70 in this part, or which have been revealed in the course of an audit.
2023-065 The Department of Children, Youth, and Families did not have adequate controls over and did not comply with certain requirements of its Public Assistance Cost Allocation Plan.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-047
Background
As a condition of receiving federal grant funds, the Department of Children, Youth, and Families must submit a Public Assistance Cost Allocation Plan (PACAP) to the U.S. Department of Health and Human Services each state fiscal year. The PACAP describes how the Department is authorized to allocate indirect costs like overhead and general administrative expenses to all funding sources, including federal grants.
The Department uses the Cost Allocation System (CAS), a subsystem of the Agency Financial Reporting System (AFRS), to execute its PACAP. The Department develops appropriate methodologies and updates cost allocation base input tables that contain cost objectives, which automatically distribute the cost of payments to either state, local or federal funding sources. The tables in CAS can be added, deleted, changed, or inactivated each calendar month.
As part of its cost allocation process, the Department establishes bases that are used to distribute costs to multiple funding sources. Each base consists of elements that are assigned a percentage that dictates how much of the original payment is allocated to it. For example, a base could be made up of three elements that allocate 35 percent, 25 percent, and 40 percent, respectively, that will total 100 percent. Records of these bases are kept in workbooks that management reviews and approves before they are uploaded or keyed into AFRS for use.
In fiscal year 2023, the Department allocated about $18 million in indirect costs to the Foster Care grant.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate controls over and did not comply with certain requirements of its PACAP. The prior finding number was 2022-047.
Description of Condition
The Department did not have adequate controls over and did not comply with certain requirements of its PACAP. According to the Department’s PACAP, Base 100, which are charges for administrative costs, should be updated monthly with full-time equivalents disbursed to reflect the work that agency staff have performed. This method allows the Department to allocate administrative charges proportionately to the staffing level required to meet the program’s needs.
We examined five monthly workbooks completed during the audit period. We found the Department did not complete a workbook for one month of the audit period (September 2022).
We determined this internal control deficiency to be a material weakness that led to material noncompliance.
Cause of Condition
Management did not assign sufficient staffing resources to ensure all monthly workbooks were completed in accordance with the Department’s approved PACAP.
Effect of Condition
The Department’s inadequate internal controls affected the accuracy of the indirect costs charged to the Foster Care grant. When workbooks are not updated, the Department increases its risk of undercharging or improperly allocating indirect costs to the Foster Care program.
Recommendation
We recommend the Department strengthen internal controls to ensure that monthly workbooks are properly updated in accordance with the approved PACAP.
Department’s Response
The Department concurs with the finding.
The Department did not have adequate staffing levels to maintain the business processes for one workbook for the Public Assistance Cost Allocation Plan (PACAP) cost base 100 for the administrative charges during the state and federal fiscal year close deadlines. Available staff were focused on grant reconciliations and closing out the prior fiscal year financial transactions. The Department is committed to improving our internal controls and has reviewed the base edit form written procedures with staff and added monthly reminders for the Cost Allocation and Grants Management Unit. In addition, the Department has confirmed that all cost base 100 workbooks have been properly completed for state fiscal year 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 95, Subpart E – Cost Allocation Plans, section 95.501, Purpose, states:
(a) Preparation, submission, and approval of State agency cost allocation plans for public assistance programs; and
(b) Adherence to approved cost allocation plans in computing claims for Federal financial participation.
Public Assistance Cost Allocation Plan – Appendix 3 Administrative Costs, Base 100, states in part: FTEs are based on actual months and are reported by funding source. This information is obtained on a monthly basis from the Enterprise Reporting system at DCYF and is used on a rolling period with a one-month lag. For example, the FTEs for July would be used in the September plan.
2023-066 The Department of Children, Youth, and Families did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-048
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds, including about $11.6 million for travel and family visits.
Parent-child visits are a key strategy for minimizing a child’s time in out-of-home care and working toward family reunification. The Department creates a visit plan based on dependency court order visit requirements and other information to ensure the child’s safety. This visit plan is created and saved in a system called FamLink. When the Department needs contracted family time services, it sends a visit plan/referral through a FamLink-Sprout interface. Visit coordinators send this referral to the most appropriate contracted service provider through the Sprout system. These referrals authorize the contracted provider to provide the needed services. After the visit, contracted service providers complete visit reports, which include travel mileage and travel time. Based on these reports and information the contractor enters into the Sprout system, the system creates an invoice based on billable services and rates. To catch errors and ensure quality assurance, Sprout reports and invoices are reviewed and approved by the contracted service provider administrator or manager. The Department pays the provider solely based on the summary-level information entered into Sprout.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure payments to providers for family visits were allowable and adequately supported for the Foster Care program. The prior finding numbers were 2022-048 and 2021-040.
Description of Condition
The Department did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
The Department did not follow its procedures for performing fiscal monitoring of contracted service providers to ensure federally funded payments for travel and family visits were adequately supported and only for allowable activities.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department was unable to fully implement the corrective action plan during the audit period.
Effect of Condition
By not performing adequate fiscal monitoring, the Department cannot ensure payments for travel and family visits are allowable and adequately supported.
Recommendation
We recommend the Department follow its fiscal monitoring procedures to ensure payments to providers for travel and family visits are allowable and adequately supported.
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department did not have the opportunity to fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. There by the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
In April 2023, the Fiscal Integrity Unit, within the Financial and Business Services Division (FBSD), worked with the Child Welfare and Information Technology Divisions to implement the following internal controls:
• Utilized algorithms in the Sprout system to identify reimbursement requests outside of a reasonable amount.
• Required providers to submit additional documentation or explanation for those identified amounts.
• Implemented a re-run process for prior billing periods to eliminate potential double billings by providers.
• Trained headquarters and field office accounting staff to utilize the new algorithms and review additional documentation prior to processing payments.
In August 2023, the Contracts Compliance Team, within the FBSD, hired one new staff dedicated to reviewing all regional client service child welfare contracts including family time visit payments and will hire an additional staff in December 2023. The Contracts Compliance Team developed compliance audit plans for child welfare contracts and began fiscal monitoring of family time visit payments in November 2023.
The Department also required additional review and approvals by program staff for the Network Administrator in Eastern Washington for invoices prior to release of payment. The Department continues to identify and implement regional program approvals for Western Washington providers and implement fiscal monitoring controls to ensure payments to providers for travel and family visits are allowable and adequately supported.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-067 The Department of Children, Youth, and Families did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds, including about $8.6 million for foster care maintenance payments to family foster homes.
These monthly maintenance payments help licensed caregivers (foster parents and licensed kinship caregivers) meet the needs of children and youth experiencing foster care. The Department’s Federal Funding Unit manages each of its Title IV-E foster care cases. Title IV-E Specialists are stationed throughout the state and screen all new foster care cases for Title IV-E Eligibility.
When children or youth are placed in foster care homes, specialists meet with caregivers to discuss the amount of time they spend meeting a child’s needs. To ensure maintenance payments are accurate and allowable, the specialists enter the caregivers’ answers into the Foster Care Rate Assessment tool, which calculates the appropriate reimbursement rate for caregivers’ time spent meeting a child’s needs. Prior to payment, a Department supervisor reviews the rate in a system called FamLink. These reimbursement rates must be reassessed every six months.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
We used a statistical sampling method to randomly select and examine 59 foster care maintenance payments out of a total population of 22,538 made during the audit period. We found that the Department did not perform six-month reviews of the reimbursement rates for five payments.
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management said limitations with the FamLink system prevented the Department from running reports to verify that rate assessments were reviewed timely. Additionally, management did not establish another method to monitor these requirements.
Effect of Condition
By not performing six-month reviews of all reimbursement rates, the Department cannot ensure it provided accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
Recommendation
We recommend the Department establish adequate internal controls to ensure it performs all six-month reviews of caregivers’ reimbursement rates for the Foster Care program.
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department utilizes FamLink as the case management system for Foster Care which due to system limitations did not have the reporting capabilities to track rate setting reviews during the audit period. The Department created a report in FamLink to assist rate assesors in identifying six-month reviews that had not been performed timely. This tool has helped supervisors identify late rate assessments but has not helped them track six-month rate assessment due dates. A request has been submitted to the Department’s Office of Innovation, Alignment, and Accountability to update the report to show when the next rate assessment is due. Until this report update is completed, the supervisors will be performing monthly tracking to assist with internal controls and compliance with reviews.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 110-50-0490, How often do the foster parent and caseworker meet to complete the rate assessment?, states:
The caseworker or designated rate assessment specialist will meet with the foster parent in person or telephonically to complete the assessment:
1.Within thirty days of the child’s placement in the foster parent’s home;
2.At least every six months after the first assessment, except under limited circumstances that serve the best interest of the child; and
When there is a significant change in circumstances for the child or in the foster parent’s ability or time required to meet the child’s needs.
2023-068 The Department of Children, Youth, and Families did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-050
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned to home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for the adults in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
Prospective foster parents and other out-of-home caregivers, as well as any adults residing in the prospective caregivers' households must pass the background check. During an emergency situation when a child must be placed in out-of-home care due to the absence of appropriate parents or custodians, the Department shall request a federal name-based criminal history record check of each adult residing in the home of the potential placement resource. Upon receipt of the results of the name-based check, the Department shall provide a complete set of each adult resident's fingerprints to the Washington state patrol for submission to the federal bureau of investigation within 15 calendar days from the date the name search was conducted. The child shall be removed from the home immediately if any adult resident fails to provide fingerprints and written permission to perform a federal criminal history record check when requested.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds. This included about $33.3 million for payments to providers for direct client services, with $1.4 million paid to licensed group care facilities and $13.3 million paid to foster family homes. State and federal law require background checks for foster family homes and licensed group care facilities.
Licensed group care facilities
Licensed group care facilities are maintained and operated for groups of children on a 24-hour basis to provide safe, healthy living environments that meet the developmental needs of the children in care. These facilities are not permanent homes, but they provide a higher level of care for the foster children who are in them. Before a facility becomes licensed, it must complete an application that the Department reviews to ensure the facility is compliant with licensing requirements. This includes ensuring all people working in the facility have cleared background checks, which is a requirement in state and federal law.
After the initial application, the Department requests the group care facility to provide quarterly reports of new and existing employees to ensure all have cleared background checks before they are allowed unsupervised access to children. To track this, the Department enters employees’ information and the facilities they work at into the FamLink system. FamLink is a service delivery and support system the Department uses to track clients statewide, and management uses it to track service performance and outcomes.
Foster family homes
Prospective foster parents, as well as any adults residing in prospective caregivers’ households, must have satisfactorily met background checks. These checks, including state and federal criminal records and child abuse and neglect central registries, are part of the process of assessing the suitability of these caregivers to provide a safe home for children placed in their care.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure group care facility employees had cleared background checks before having unsupervised access to children. The prior finding number was 2022-050.
Description of Condition
The Department did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Licensed group care facilities
In the prior audit, we found that the Department did not effectively monitor when employees started working in facilities. Without documenting employees’ start date of employment, the Department cannot ensure they had cleared background checks before having unsupervised access to children. We found this internal control weakness still existed in the current audit because the Department was not able to fully implement its corrective action plan during the audit period. We tested a sample of background checks for facility staff to ensure they were performed properly and determined they were.
Foster family homes
We used a statistical sampling method to randomly select and examine 56 out of 493 households whose adult residents required background checks to ensure they were performed properly. We found the Department placed one child in emergent care with two adults who did not receive timely fingerprint checks within the required timeline of 15 calendar days. The adults in the household had their fingerprint checks at 17 days and were determined eligible for foster child placement.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies, but did not fully implement it during the current audit period.
Further, the Department provided a complete set of each adult resident’s fingerprints to the Washington State Patrol two days late.
Effect of Condition
Without documenting employees’ start dates, the Department cannot ensure they have cleared background checks before beginning work. By not adequately monitoring group care facility employees’ start dates, ineligible employees could have unsupervised access to foster care children before they have cleared the required background checks.
In addition, by not obtaining timely fingerprint background checks for emergent placements, children may be in unsafe environments that affect their health and safety.
Recommendations
We recommend the Department:
• Strengthen its internal controls and ensure all group care facility employees have cleared background checks before beginning work
• Ensure it provides the Washington State Patrol with all fingerprint background checks for emergent placements within 15 calendar days from the date the name search was conducted
Department’s Response
The Department is committed to ensuring the health, safety, and well-being of all children in our care. As to the Auditor’s specific findings, the Department partially concurs and offers the following detail:
Licensed group care facilities
As stated in the audit finding section, Description of Condition, all group care facility staff sampled during the audit had a cleared background check prior to working in the facility. While we agree the use of definitions such as “effective date” and “start date” could be misleading, we do not concur the Department did not have adequate internal controls to ensure group care facility employees had cleared background checks before having unsupervised access to children. We are confident that staff who work with children and youth have a cleared background check.
The Department concurs we do not document staff members’ start dates in FamLink. FamLink is used to document background clearance information, but it only allows for one date to be entered as the “effective date.” This “effective date” is imported to the Background Check System as the “start date.” The Department’s Licensing Division enters the “effective date” as the date that the background check paperwork on an applicant/staff member is received from the facility, this is to verify the correct applicant/staff member whose background check is being processed. The data pulled as part of the audit referenced the “start date” from the Background Check System, which the auditor’s office interpreted as hire date or first date they began work in the facility, which was not accurate.
As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
To strengthen internal controls and documentation, effective April 1, 2023, the Department implemented a corrective action plan for processing background checks for group care facilities in response to the prior audit. Applicant/staff member background check request forms are submitted directly to the Background Check Unit by the facility. The Background Check Unit processes a fingerprint background check, a child abuse/neglect history check, and if applicable, a suitability assessment. The results are then provided to the Licensing Division and the group care facility. If the applicant is cleared, the Licensing Division staff adds the staff member to the group care facility in FamLink. The new “effective date” in FamLink is the final approval from the Background Check Unit. In addition, regional licensors continue to conduct yearly health and safety monitoring visits, which includes a random sample review of personnel files containing background check information.
Foster family homes
As noted in the Background Section of the finding, RCW 26.44.240 does state the Department must immediately remove a child, but the Department is required to recommend removal of the child to the court and receive approval prior to taking action. The court does not always rule in the Department’s favor and the child remains in the placement.
As to the specific exceptions identified, the household that completed fingerprints two days after the required 15 calendar day period was delayed due to one of the applicants last name being misspelled in the system. The applicant was turned away at their fingerprint appointment due to the misspelling causing the delay in the timeline for both members of the household. The applicant notified the Department and once the name was corrected the applicant was able to fingerprint and both applicants in the household received a “no record” result as was reported on their initial National Crime Information Center (NCIC) Code X checks prior to the emergent placement.
Auditor’s Remarks
We appreciate the Department’s commitment to resolving these matters.
The purpose of our testing was to ensure employees had a clear background check prior to them working at the group home facility. We knew that the “start date” from the Background Check System was not the first date an employee began working in the facility. During our review, we did not use the start dates in the system, but instead reviewed supporting documentation to identify the actual start dates when possible. However, the Department was unable to demonstrate whether some employees had clear background checks before working because they did not have the start date of their employment.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code § 671 - State plan for foster care and adoption assistance, specifies the federal requirements for background checks.
RCW 43.43.837, Fingerprint-based checks—Requirements for applicants and service providers—Shared background checks—Fees—Rules to establish financial responsibility.
RCW 26.44.240, Out-of-home care—Emergency placement—Criminal history record check.
Department of Children, Youth, and Families, Policies and Procedures 6800 – Background Checks
2023-069 The Department of Children, Youth, and Families did not have adequate internal controls over reporting requirements for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Requirement: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-051
Background
The purpose of the Foster Care program is to provide safe and stable out-of-home care for children under placement and care authority of state welfare agencies. To accomplish this, the Administration for Children and Families (ACF) in the U.S. Department of Health and Human Services (HHS) offers financial support to states to offset the cost of foster care maintenance for eligible children, administrative costs to manage the program, and training for state agency staff, foster parents and qualified private agency staff. As of June 2023, about 8,000 children were in Washington’s foster care system. In fiscal year 2023, the Department spent almost $140.5 million in federal program funds.
Within 30 days after each fiscal quarter, the Department of Children, Youth, and Families is required to file the CB-496: Title IV-E Programs Quarterly Financial Report with HHS. This report identifies the Department’s Foster Care program expenditures, and the number of children it has served. The ACF relies on the information reported to award funds, determine the allowability of the reported expenditures, and provide reports to Congress.
To complete the CB-496, Department management creates a crosswalk by examining the Department’s chart of accounts and expenditure-codes in relation to HHS’s published CB-496 instructions. This ensures that the reports ran will produce the required information for each line of the CB-496.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program. The prior finding number was 2022-051.
Description of Condition
The Department did not have adequate internal controls over reporting requirements for the Foster Care program.
During our review of all four quarterly crosswalks, we found the Department did not have the correct account coding to report fields correctly. Out of the four quarterly crosswalks, the Department had 117 lines in aggregate, and 12 (10 percent) of the lines were incorrect.
We also reviewed all four reports the Department submitted during the audit period, and we found that all of them contained inaccuracies. In total, the Department overreported its program expenditures by a total of $571,586. The Department also overstated the total number of children receiving foster care benefits by 153.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
When completing the quarterly reports, the Department did not follow HHS’s published instructions. It was found that the Department did not create accurate crosswalks to ensure reports were run properly, and although there was an established review process, the reviews performed were insufficient to detect errors in the reports. Management advised that due to competing priorities and staffing shortages, the Department had limited capacity to thoroughly review the reports before submitting them to HHS.
Effect of Condition
Because HHS uses these reports to determine award amounts and whether reported expenditures are allowable, it may have relied on inaccurate data to make these determinations for the Department. The grant agreement also allows HHS to take action for the Department’s noncompliance, which can include temporarily withholding funds, wholly or partly suspending or terminating the award, and withholding further program awards.
Recommendations
We recommend the Department:
• Follow HHS’s published instructions when completing the quarterly CB-496 reports
• Strengthen its review processes to ensure the reports are accurate and supported before submitting them to HHS
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department acknowledges errors were made in the quarterly reports and crosswalks. The Department partially concurs with the SAO findings. As to the Auditor’s specific findings, the Department offers the following detail:
Quarterly Crosswalks
The Department provided electronic copies of the quarterly crosswalks to SAO for the reporting period being reviewed. During a previous audit SAO recommended that the Department maintain paper copies of the crosswalks and reports to show review and approvals. The paper copies of the crosswalks notated the changes made during the review and approval process for the quarterly reports. Due to staffing and limited time available the paper copies were not reviewed and provided to SAO to clear the exceptions identified above. The incorrect crosswalk information did not have an impact on the accuracy of the data reported.
Inaccurate Reports
SAO stated the Department over reported its program expenditures by a total of $571,586. The Department does not concur with the total amount determine. The FFY22 Quarter 4 report was noted as overstated by $254,721, but the expenditures were correctly reported; however the crosswalk used as reference was documented incorrectly. As stated above the incorrect crosswalk information did not have an impact on the expenditure data reported.
As to the FFY23 Quarter 3 report, the Department has reconciled the data and determined that we over reported by $237,212. The Department will submit a correction to the federal partner during the next reporting period.
The Department will review and strengthen our internal processes in order to complete the quarterly reports accurately.
Auditor’s Remarks
We appreciate the Department’s commitment to strengthening its internal processes to complete the quarterly reports accurately.
Quarterly Crosswalks
Based on our understanding of the process, obtained from the Department, the purpose of the Crosswalks is to create guidelines for accurately completing the CB-496 reports and is one of the key internal controls the Department asserted ensured accuracy of the CB-496 reports. This key internal control was confirmed by the Department on July 26, 2023. During our compliance testing, we noted several exceptions that resulted from the inaccuracy of the crosswalks.
Inaccurate Reports
The instructions on the Crosswalk indicate certain line items should be subtracted to determine the amount to be reported. The instructions provided by the Federal Government for line 7a, In-Placement Administrative Costs – Provider and Agency Management, indicate lines 11a through 14b need to be subtracted. In the crosswalks the Department stated that only Line 13a was subtracted. Therefore, $254,721 more was reported on the CB-496 than instructions indicated.
We reaffirm our finding, and we will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 201, Grants to States for Public Assistance Programs, establishes applicable requirements for form and manner of submittal of the estimates for public assistance grants.
Section 201.5 Grants, states in part:
(a) Form and manner of submittal.
1. Time and place: The estimates for public assistance grants for each quarterly period must be forwarded to the regional office 45 days prior to the period of the estimate. They include a certification of State funds available and a justification statement in support of the estimates. A statement of quarterly expenditures and any necessary supporting schedules must be forwarded to the Department of Health and Human Services, Family Support Administration, not later than 30 days after the end of the quarter.
2. Description of forms: “State Agency Expenditure Projection – Quarterly Projection by Program” represents the State agency’s estimate of the total amount and the Federal share of expenditures for assistance, services, training, and administration to be made during the quarter for each of the public assistance programs under the Act. From these estimates the State and Federal shares of the total expenditures are computed. The State’s computed share of total estimated expenditures is the amount of State and local funds necessary for the quarter. The federal share is the basis for the funds to be advanced for the quarter. The State agency must also certify, on this form or otherwise, the amount of State funds (exclusive of any balance of advances received from the Federal Government) actually on hand and available for expenditure; this certification must be signed by the executive officer of the State agency submitting the estimate or a person officially designated by him, or by a fiscal officer of the State if required by State law or regulation. (A form “Certificate of Availability of State Funds for Assistance and Administration during Quarter” is available for submitting this information, but its use is optional.) If the amount of State funds (or State and local funds if localities participate in the program), shown as available for expenditures is not sufficient to cover the State’s proportionate share of the amount estimated to be expended, the certification must contain a statement showing the source from which the amount of the deficiency is expected to be derived and the time when this amount is expected to be made available.
The State agency must also submit a quarterly statement of expenditures for each of the public assistance programs under the Act. This is an accounting statement of the disposition of the Federal funds granted for past periods and provides the basis for making the adjustments necessary when the State’s estimate for any prior quarter was greater or less than the amount the State actually expended in that quarter. The statement of expenditures also shows the share of the Federal Government in any recoupment, from whatever source, including for title IV-A the appropriate share of child support collections made by the State, of expenditures claimed in a prior period, and also in expenditures not properly subject to Federal financial participation which are acknowledged by the State agency, including the share of the Federal Government for uncashed and cancelled checks as described at 45 CFR 201.67 and replacement checks as described at 45 CFR 201.70 in this part, or which have been revealed in the course of an audit.
2023-065 The Department of Children, Youth, and Families did not have adequate controls over and did not comply with certain requirements of its Public Assistance Cost Allocation Plan.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-047
Background
As a condition of receiving federal grant funds, the Department of Children, Youth, and Families must submit a Public Assistance Cost Allocation Plan (PACAP) to the U.S. Department of Health and Human Services each state fiscal year. The PACAP describes how the Department is authorized to allocate indirect costs like overhead and general administrative expenses to all funding sources, including federal grants.
The Department uses the Cost Allocation System (CAS), a subsystem of the Agency Financial Reporting System (AFRS), to execute its PACAP. The Department develops appropriate methodologies and updates cost allocation base input tables that contain cost objectives, which automatically distribute the cost of payments to either state, local or federal funding sources. The tables in CAS can be added, deleted, changed, or inactivated each calendar month.
As part of its cost allocation process, the Department establishes bases that are used to distribute costs to multiple funding sources. Each base consists of elements that are assigned a percentage that dictates how much of the original payment is allocated to it. For example, a base could be made up of three elements that allocate 35 percent, 25 percent, and 40 percent, respectively, that will total 100 percent. Records of these bases are kept in workbooks that management reviews and approves before they are uploaded or keyed into AFRS for use.
In fiscal year 2023, the Department allocated about $18 million in indirect costs to the Foster Care grant.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate controls over and did not comply with certain requirements of its PACAP. The prior finding number was 2022-047.
Description of Condition
The Department did not have adequate controls over and did not comply with certain requirements of its PACAP. According to the Department’s PACAP, Base 100, which are charges for administrative costs, should be updated monthly with full-time equivalents disbursed to reflect the work that agency staff have performed. This method allows the Department to allocate administrative charges proportionately to the staffing level required to meet the program’s needs.
We examined five monthly workbooks completed during the audit period. We found the Department did not complete a workbook for one month of the audit period (September 2022).
We determined this internal control deficiency to be a material weakness that led to material noncompliance.
Cause of Condition
Management did not assign sufficient staffing resources to ensure all monthly workbooks were completed in accordance with the Department’s approved PACAP.
Effect of Condition
The Department’s inadequate internal controls affected the accuracy of the indirect costs charged to the Foster Care grant. When workbooks are not updated, the Department increases its risk of undercharging or improperly allocating indirect costs to the Foster Care program.
Recommendation
We recommend the Department strengthen internal controls to ensure that monthly workbooks are properly updated in accordance with the approved PACAP.
Department’s Response
The Department concurs with the finding.
The Department did not have adequate staffing levels to maintain the business processes for one workbook for the Public Assistance Cost Allocation Plan (PACAP) cost base 100 for the administrative charges during the state and federal fiscal year close deadlines. Available staff were focused on grant reconciliations and closing out the prior fiscal year financial transactions. The Department is committed to improving our internal controls and has reviewed the base edit form written procedures with staff and added monthly reminders for the Cost Allocation and Grants Management Unit. In addition, the Department has confirmed that all cost base 100 workbooks have been properly completed for state fiscal year 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 95, Subpart E – Cost Allocation Plans, section 95.501, Purpose, states:
(a) Preparation, submission, and approval of State agency cost allocation plans for public assistance programs; and
(b) Adherence to approved cost allocation plans in computing claims for Federal financial participation.
Public Assistance Cost Allocation Plan – Appendix 3 Administrative Costs, Base 100, states in part: FTEs are based on actual months and are reported by funding source. This information is obtained on a monthly basis from the Enterprise Reporting system at DCYF and is used on a rolling period with a one-month lag. For example, the FTEs for July would be used in the September plan.
2023-066 The Department of Children, Youth, and Families did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-048
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds, including about $11.6 million for travel and family visits.
Parent-child visits are a key strategy for minimizing a child’s time in out-of-home care and working toward family reunification. The Department creates a visit plan based on dependency court order visit requirements and other information to ensure the child’s safety. This visit plan is created and saved in a system called FamLink. When the Department needs contracted family time services, it sends a visit plan/referral through a FamLink-Sprout interface. Visit coordinators send this referral to the most appropriate contracted service provider through the Sprout system. These referrals authorize the contracted provider to provide the needed services. After the visit, contracted service providers complete visit reports, which include travel mileage and travel time. Based on these reports and information the contractor enters into the Sprout system, the system creates an invoice based on billable services and rates. To catch errors and ensure quality assurance, Sprout reports and invoices are reviewed and approved by the contracted service provider administrator or manager. The Department pays the provider solely based on the summary-level information entered into Sprout.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure payments to providers for family visits were allowable and adequately supported for the Foster Care program. The prior finding numbers were 2022-048 and 2021-040.
Description of Condition
The Department did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
The Department did not follow its procedures for performing fiscal monitoring of contracted service providers to ensure federally funded payments for travel and family visits were adequately supported and only for allowable activities.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department was unable to fully implement the corrective action plan during the audit period.
Effect of Condition
By not performing adequate fiscal monitoring, the Department cannot ensure payments for travel and family visits are allowable and adequately supported.
Recommendation
We recommend the Department follow its fiscal monitoring procedures to ensure payments to providers for travel and family visits are allowable and adequately supported.
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department did not have the opportunity to fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. There by the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
In April 2023, the Fiscal Integrity Unit, within the Financial and Business Services Division (FBSD), worked with the Child Welfare and Information Technology Divisions to implement the following internal controls:
• Utilized algorithms in the Sprout system to identify reimbursement requests outside of a reasonable amount.
• Required providers to submit additional documentation or explanation for those identified amounts.
• Implemented a re-run process for prior billing periods to eliminate potential double billings by providers.
• Trained headquarters and field office accounting staff to utilize the new algorithms and review additional documentation prior to processing payments.
In August 2023, the Contracts Compliance Team, within the FBSD, hired one new staff dedicated to reviewing all regional client service child welfare contracts including family time visit payments and will hire an additional staff in December 2023. The Contracts Compliance Team developed compliance audit plans for child welfare contracts and began fiscal monitoring of family time visit payments in November 2023.
The Department also required additional review and approvals by program staff for the Network Administrator in Eastern Washington for invoices prior to release of payment. The Department continues to identify and implement regional program approvals for Western Washington providers and implement fiscal monitoring controls to ensure payments to providers for travel and family visits are allowable and adequately supported.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-067 The Department of Children, Youth, and Families did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds, including about $8.6 million for foster care maintenance payments to family foster homes.
These monthly maintenance payments help licensed caregivers (foster parents and licensed kinship caregivers) meet the needs of children and youth experiencing foster care. The Department’s Federal Funding Unit manages each of its Title IV-E foster care cases. Title IV-E Specialists are stationed throughout the state and screen all new foster care cases for Title IV-E Eligibility.
When children or youth are placed in foster care homes, specialists meet with caregivers to discuss the amount of time they spend meeting a child’s needs. To ensure maintenance payments are accurate and allowable, the specialists enter the caregivers’ answers into the Foster Care Rate Assessment tool, which calculates the appropriate reimbursement rate for caregivers’ time spent meeting a child’s needs. Prior to payment, a Department supervisor reviews the rate in a system called FamLink. These reimbursement rates must be reassessed every six months.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
We used a statistical sampling method to randomly select and examine 59 foster care maintenance payments out of a total population of 22,538 made during the audit period. We found that the Department did not perform six-month reviews of the reimbursement rates for five payments.
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management said limitations with the FamLink system prevented the Department from running reports to verify that rate assessments were reviewed timely. Additionally, management did not establish another method to monitor these requirements.
Effect of Condition
By not performing six-month reviews of all reimbursement rates, the Department cannot ensure it provided accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
Recommendation
We recommend the Department establish adequate internal controls to ensure it performs all six-month reviews of caregivers’ reimbursement rates for the Foster Care program.
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department utilizes FamLink as the case management system for Foster Care which due to system limitations did not have the reporting capabilities to track rate setting reviews during the audit period. The Department created a report in FamLink to assist rate assesors in identifying six-month reviews that had not been performed timely. This tool has helped supervisors identify late rate assessments but has not helped them track six-month rate assessment due dates. A request has been submitted to the Department’s Office of Innovation, Alignment, and Accountability to update the report to show when the next rate assessment is due. Until this report update is completed, the supervisors will be performing monthly tracking to assist with internal controls and compliance with reviews.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 110-50-0490, How often do the foster parent and caseworker meet to complete the rate assessment?, states:
The caseworker or designated rate assessment specialist will meet with the foster parent in person or telephonically to complete the assessment:
1.Within thirty days of the child’s placement in the foster parent’s home;
2.At least every six months after the first assessment, except under limited circumstances that serve the best interest of the child; and
When there is a significant change in circumstances for the child or in the foster parent’s ability or time required to meet the child’s needs.
2023-068 The Department of Children, Youth, and Families did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-050
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned to home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for the adults in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
Prospective foster parents and other out-of-home caregivers, as well as any adults residing in the prospective caregivers' households must pass the background check. During an emergency situation when a child must be placed in out-of-home care due to the absence of appropriate parents or custodians, the Department shall request a federal name-based criminal history record check of each adult residing in the home of the potential placement resource. Upon receipt of the results of the name-based check, the Department shall provide a complete set of each adult resident's fingerprints to the Washington state patrol for submission to the federal bureau of investigation within 15 calendar days from the date the name search was conducted. The child shall be removed from the home immediately if any adult resident fails to provide fingerprints and written permission to perform a federal criminal history record check when requested.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds. This included about $33.3 million for payments to providers for direct client services, with $1.4 million paid to licensed group care facilities and $13.3 million paid to foster family homes. State and federal law require background checks for foster family homes and licensed group care facilities.
Licensed group care facilities
Licensed group care facilities are maintained and operated for groups of children on a 24-hour basis to provide safe, healthy living environments that meet the developmental needs of the children in care. These facilities are not permanent homes, but they provide a higher level of care for the foster children who are in them. Before a facility becomes licensed, it must complete an application that the Department reviews to ensure the facility is compliant with licensing requirements. This includes ensuring all people working in the facility have cleared background checks, which is a requirement in state and federal law.
After the initial application, the Department requests the group care facility to provide quarterly reports of new and existing employees to ensure all have cleared background checks before they are allowed unsupervised access to children. To track this, the Department enters employees’ information and the facilities they work at into the FamLink system. FamLink is a service delivery and support system the Department uses to track clients statewide, and management uses it to track service performance and outcomes.
Foster family homes
Prospective foster parents, as well as any adults residing in prospective caregivers’ households, must have satisfactorily met background checks. These checks, including state and federal criminal records and child abuse and neglect central registries, are part of the process of assessing the suitability of these caregivers to provide a safe home for children placed in their care.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure group care facility employees had cleared background checks before having unsupervised access to children. The prior finding number was 2022-050.
Description of Condition
The Department did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Licensed group care facilities
In the prior audit, we found that the Department did not effectively monitor when employees started working in facilities. Without documenting employees’ start date of employment, the Department cannot ensure they had cleared background checks before having unsupervised access to children. We found this internal control weakness still existed in the current audit because the Department was not able to fully implement its corrective action plan during the audit period. We tested a sample of background checks for facility staff to ensure they were performed properly and determined they were.
Foster family homes
We used a statistical sampling method to randomly select and examine 56 out of 493 households whose adult residents required background checks to ensure they were performed properly. We found the Department placed one child in emergent care with two adults who did not receive timely fingerprint checks within the required timeline of 15 calendar days. The adults in the household had their fingerprint checks at 17 days and were determined eligible for foster child placement.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies, but did not fully implement it during the current audit period.
Further, the Department provided a complete set of each adult resident’s fingerprints to the Washington State Patrol two days late.
Effect of Condition
Without documenting employees’ start dates, the Department cannot ensure they have cleared background checks before beginning work. By not adequately monitoring group care facility employees’ start dates, ineligible employees could have unsupervised access to foster care children before they have cleared the required background checks.
In addition, by not obtaining timely fingerprint background checks for emergent placements, children may be in unsafe environments that affect their health and safety.
Recommendations
We recommend the Department:
• Strengthen its internal controls and ensure all group care facility employees have cleared background checks before beginning work
• Ensure it provides the Washington State Patrol with all fingerprint background checks for emergent placements within 15 calendar days from the date the name search was conducted
Department’s Response
The Department is committed to ensuring the health, safety, and well-being of all children in our care. As to the Auditor’s specific findings, the Department partially concurs and offers the following detail:
Licensed group care facilities
As stated in the audit finding section, Description of Condition, all group care facility staff sampled during the audit had a cleared background check prior to working in the facility. While we agree the use of definitions such as “effective date” and “start date” could be misleading, we do not concur the Department did not have adequate internal controls to ensure group care facility employees had cleared background checks before having unsupervised access to children. We are confident that staff who work with children and youth have a cleared background check.
The Department concurs we do not document staff members’ start dates in FamLink. FamLink is used to document background clearance information, but it only allows for one date to be entered as the “effective date.” This “effective date” is imported to the Background Check System as the “start date.” The Department’s Licensing Division enters the “effective date” as the date that the background check paperwork on an applicant/staff member is received from the facility, this is to verify the correct applicant/staff member whose background check is being processed. The data pulled as part of the audit referenced the “start date” from the Background Check System, which the auditor’s office interpreted as hire date or first date they began work in the facility, which was not accurate.
As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
To strengthen internal controls and documentation, effective April 1, 2023, the Department implemented a corrective action plan for processing background checks for group care facilities in response to the prior audit. Applicant/staff member background check request forms are submitted directly to the Background Check Unit by the facility. The Background Check Unit processes a fingerprint background check, a child abuse/neglect history check, and if applicable, a suitability assessment. The results are then provided to the Licensing Division and the group care facility. If the applicant is cleared, the Licensing Division staff adds the staff member to the group care facility in FamLink. The new “effective date” in FamLink is the final approval from the Background Check Unit. In addition, regional licensors continue to conduct yearly health and safety monitoring visits, which includes a random sample review of personnel files containing background check information.
Foster family homes
As noted in the Background Section of the finding, RCW 26.44.240 does state the Department must immediately remove a child, but the Department is required to recommend removal of the child to the court and receive approval prior to taking action. The court does not always rule in the Department’s favor and the child remains in the placement.
As to the specific exceptions identified, the household that completed fingerprints two days after the required 15 calendar day period was delayed due to one of the applicants last name being misspelled in the system. The applicant was turned away at their fingerprint appointment due to the misspelling causing the delay in the timeline for both members of the household. The applicant notified the Department and once the name was corrected the applicant was able to fingerprint and both applicants in the household received a “no record” result as was reported on their initial National Crime Information Center (NCIC) Code X checks prior to the emergent placement.
Auditor’s Remarks
We appreciate the Department’s commitment to resolving these matters.
The purpose of our testing was to ensure employees had a clear background check prior to them working at the group home facility. We knew that the “start date” from the Background Check System was not the first date an employee began working in the facility. During our review, we did not use the start dates in the system, but instead reviewed supporting documentation to identify the actual start dates when possible. However, the Department was unable to demonstrate whether some employees had clear background checks before working because they did not have the start date of their employment.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code § 671 - State plan for foster care and adoption assistance, specifies the federal requirements for background checks.
RCW 43.43.837, Fingerprint-based checks—Requirements for applicants and service providers—Shared background checks—Fees—Rules to establish financial responsibility.
RCW 26.44.240, Out-of-home care—Emergency placement—Criminal history record check.
Department of Children, Youth, and Families, Policies and Procedures 6800 – Background Checks
2023-069 The Department of Children, Youth, and Families did not have adequate internal controls over reporting requirements for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Requirement: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-051
Background
The purpose of the Foster Care program is to provide safe and stable out-of-home care for children under placement and care authority of state welfare agencies. To accomplish this, the Administration for Children and Families (ACF) in the U.S. Department of Health and Human Services (HHS) offers financial support to states to offset the cost of foster care maintenance for eligible children, administrative costs to manage the program, and training for state agency staff, foster parents and qualified private agency staff. As of June 2023, about 8,000 children were in Washington’s foster care system. In fiscal year 2023, the Department spent almost $140.5 million in federal program funds.
Within 30 days after each fiscal quarter, the Department of Children, Youth, and Families is required to file the CB-496: Title IV-E Programs Quarterly Financial Report with HHS. This report identifies the Department’s Foster Care program expenditures, and the number of children it has served. The ACF relies on the information reported to award funds, determine the allowability of the reported expenditures, and provide reports to Congress.
To complete the CB-496, Department management creates a crosswalk by examining the Department’s chart of accounts and expenditure-codes in relation to HHS’s published CB-496 instructions. This ensures that the reports ran will produce the required information for each line of the CB-496.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program. The prior finding number was 2022-051.
Description of Condition
The Department did not have adequate internal controls over reporting requirements for the Foster Care program.
During our review of all four quarterly crosswalks, we found the Department did not have the correct account coding to report fields correctly. Out of the four quarterly crosswalks, the Department had 117 lines in aggregate, and 12 (10 percent) of the lines were incorrect.
We also reviewed all four reports the Department submitted during the audit period, and we found that all of them contained inaccuracies. In total, the Department overreported its program expenditures by a total of $571,586. The Department also overstated the total number of children receiving foster care benefits by 153.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
When completing the quarterly reports, the Department did not follow HHS’s published instructions. It was found that the Department did not create accurate crosswalks to ensure reports were run properly, and although there was an established review process, the reviews performed were insufficient to detect errors in the reports. Management advised that due to competing priorities and staffing shortages, the Department had limited capacity to thoroughly review the reports before submitting them to HHS.
Effect of Condition
Because HHS uses these reports to determine award amounts and whether reported expenditures are allowable, it may have relied on inaccurate data to make these determinations for the Department. The grant agreement also allows HHS to take action for the Department’s noncompliance, which can include temporarily withholding funds, wholly or partly suspending or terminating the award, and withholding further program awards.
Recommendations
We recommend the Department:
• Follow HHS’s published instructions when completing the quarterly CB-496 reports
• Strengthen its review processes to ensure the reports are accurate and supported before submitting them to HHS
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department acknowledges errors were made in the quarterly reports and crosswalks. The Department partially concurs with the SAO findings. As to the Auditor’s specific findings, the Department offers the following detail:
Quarterly Crosswalks
The Department provided electronic copies of the quarterly crosswalks to SAO for the reporting period being reviewed. During a previous audit SAO recommended that the Department maintain paper copies of the crosswalks and reports to show review and approvals. The paper copies of the crosswalks notated the changes made during the review and approval process for the quarterly reports. Due to staffing and limited time available the paper copies were not reviewed and provided to SAO to clear the exceptions identified above. The incorrect crosswalk information did not have an impact on the accuracy of the data reported.
Inaccurate Reports
SAO stated the Department over reported its program expenditures by a total of $571,586. The Department does not concur with the total amount determine. The FFY22 Quarter 4 report was noted as overstated by $254,721, but the expenditures were correctly reported; however the crosswalk used as reference was documented incorrectly. As stated above the incorrect crosswalk information did not have an impact on the expenditure data reported.
As to the FFY23 Quarter 3 report, the Department has reconciled the data and determined that we over reported by $237,212. The Department will submit a correction to the federal partner during the next reporting period.
The Department will review and strengthen our internal processes in order to complete the quarterly reports accurately.
Auditor’s Remarks
We appreciate the Department’s commitment to strengthening its internal processes to complete the quarterly reports accurately.
Quarterly Crosswalks
Based on our understanding of the process, obtained from the Department, the purpose of the Crosswalks is to create guidelines for accurately completing the CB-496 reports and is one of the key internal controls the Department asserted ensured accuracy of the CB-496 reports. This key internal control was confirmed by the Department on July 26, 2023. During our compliance testing, we noted several exceptions that resulted from the inaccuracy of the crosswalks.
Inaccurate Reports
The instructions on the Crosswalk indicate certain line items should be subtracted to determine the amount to be reported. The instructions provided by the Federal Government for line 7a, In-Placement Administrative Costs – Provider and Agency Management, indicate lines 11a through 14b need to be subtracted. In the crosswalks the Department stated that only Line 13a was subtracted. Therefore, $254,721 more was reported on the CB-496 than instructions indicated.
We reaffirm our finding, and we will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 201, Grants to States for Public Assistance Programs, establishes applicable requirements for form and manner of submittal of the estimates for public assistance grants.
Section 201.5 Grants, states in part:
(a) Form and manner of submittal.
1. Time and place: The estimates for public assistance grants for each quarterly period must be forwarded to the regional office 45 days prior to the period of the estimate. They include a certification of State funds available and a justification statement in support of the estimates. A statement of quarterly expenditures and any necessary supporting schedules must be forwarded to the Department of Health and Human Services, Family Support Administration, not later than 30 days after the end of the quarter.
2. Description of forms: “State Agency Expenditure Projection – Quarterly Projection by Program” represents the State agency’s estimate of the total amount and the Federal share of expenditures for assistance, services, training, and administration to be made during the quarter for each of the public assistance programs under the Act. From these estimates the State and Federal shares of the total expenditures are computed. The State’s computed share of total estimated expenditures is the amount of State and local funds necessary for the quarter. The federal share is the basis for the funds to be advanced for the quarter. The State agency must also certify, on this form or otherwise, the amount of State funds (exclusive of any balance of advances received from the Federal Government) actually on hand and available for expenditure; this certification must be signed by the executive officer of the State agency submitting the estimate or a person officially designated by him, or by a fiscal officer of the State if required by State law or regulation. (A form “Certificate of Availability of State Funds for Assistance and Administration during Quarter” is available for submitting this information, but its use is optional.) If the amount of State funds (or State and local funds if localities participate in the program), shown as available for expenditures is not sufficient to cover the State’s proportionate share of the amount estimated to be expended, the certification must contain a statement showing the source from which the amount of the deficiency is expected to be derived and the time when this amount is expected to be made available.
The State agency must also submit a quarterly statement of expenditures for each of the public assistance programs under the Act. This is an accounting statement of the disposition of the Federal funds granted for past periods and provides the basis for making the adjustments necessary when the State’s estimate for any prior quarter was greater or less than the amount the State actually expended in that quarter. The statement of expenditures also shows the share of the Federal Government in any recoupment, from whatever source, including for title IV-A the appropriate share of child support collections made by the State, of expenditures claimed in a prior period, and also in expenditures not properly subject to Federal financial participation which are acknowledged by the State agency, including the share of the Federal Government for uncashed and cancelled checks as described at 45 CFR 201.67 and replacement checks as described at 45 CFR 201.70 in this part, or which have been revealed in the course of an audit.
2023-065 The Department of Children, Youth, and Families did not have adequate controls over and did not comply with certain requirements of its Public Assistance Cost Allocation Plan.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-047
Background
As a condition of receiving federal grant funds, the Department of Children, Youth, and Families must submit a Public Assistance Cost Allocation Plan (PACAP) to the U.S. Department of Health and Human Services each state fiscal year. The PACAP describes how the Department is authorized to allocate indirect costs like overhead and general administrative expenses to all funding sources, including federal grants.
The Department uses the Cost Allocation System (CAS), a subsystem of the Agency Financial Reporting System (AFRS), to execute its PACAP. The Department develops appropriate methodologies and updates cost allocation base input tables that contain cost objectives, which automatically distribute the cost of payments to either state, local or federal funding sources. The tables in CAS can be added, deleted, changed, or inactivated each calendar month.
As part of its cost allocation process, the Department establishes bases that are used to distribute costs to multiple funding sources. Each base consists of elements that are assigned a percentage that dictates how much of the original payment is allocated to it. For example, a base could be made up of three elements that allocate 35 percent, 25 percent, and 40 percent, respectively, that will total 100 percent. Records of these bases are kept in workbooks that management reviews and approves before they are uploaded or keyed into AFRS for use.
In fiscal year 2023, the Department allocated about $18 million in indirect costs to the Foster Care grant.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate controls over and did not comply with certain requirements of its PACAP. The prior finding number was 2022-047.
Description of Condition
The Department did not have adequate controls over and did not comply with certain requirements of its PACAP. According to the Department’s PACAP, Base 100, which are charges for administrative costs, should be updated monthly with full-time equivalents disbursed to reflect the work that agency staff have performed. This method allows the Department to allocate administrative charges proportionately to the staffing level required to meet the program’s needs.
We examined five monthly workbooks completed during the audit period. We found the Department did not complete a workbook for one month of the audit period (September 2022).
We determined this internal control deficiency to be a material weakness that led to material noncompliance.
Cause of Condition
Management did not assign sufficient staffing resources to ensure all monthly workbooks were completed in accordance with the Department’s approved PACAP.
Effect of Condition
The Department’s inadequate internal controls affected the accuracy of the indirect costs charged to the Foster Care grant. When workbooks are not updated, the Department increases its risk of undercharging or improperly allocating indirect costs to the Foster Care program.
Recommendation
We recommend the Department strengthen internal controls to ensure that monthly workbooks are properly updated in accordance with the approved PACAP.
Department’s Response
The Department concurs with the finding.
The Department did not have adequate staffing levels to maintain the business processes for one workbook for the Public Assistance Cost Allocation Plan (PACAP) cost base 100 for the administrative charges during the state and federal fiscal year close deadlines. Available staff were focused on grant reconciliations and closing out the prior fiscal year financial transactions. The Department is committed to improving our internal controls and has reviewed the base edit form written procedures with staff and added monthly reminders for the Cost Allocation and Grants Management Unit. In addition, the Department has confirmed that all cost base 100 workbooks have been properly completed for state fiscal year 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 95, Subpart E – Cost Allocation Plans, section 95.501, Purpose, states:
(a) Preparation, submission, and approval of State agency cost allocation plans for public assistance programs; and
(b) Adherence to approved cost allocation plans in computing claims for Federal financial participation.
Public Assistance Cost Allocation Plan – Appendix 3 Administrative Costs, Base 100, states in part: FTEs are based on actual months and are reported by funding source. This information is obtained on a monthly basis from the Enterprise Reporting system at DCYF and is used on a rolling period with a one-month lag. For example, the FTEs for July would be used in the September plan.
2023-066 The Department of Children, Youth, and Families did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-048
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds, including about $11.6 million for travel and family visits.
Parent-child visits are a key strategy for minimizing a child’s time in out-of-home care and working toward family reunification. The Department creates a visit plan based on dependency court order visit requirements and other information to ensure the child’s safety. This visit plan is created and saved in a system called FamLink. When the Department needs contracted family time services, it sends a visit plan/referral through a FamLink-Sprout interface. Visit coordinators send this referral to the most appropriate contracted service provider through the Sprout system. These referrals authorize the contracted provider to provide the needed services. After the visit, contracted service providers complete visit reports, which include travel mileage and travel time. Based on these reports and information the contractor enters into the Sprout system, the system creates an invoice based on billable services and rates. To catch errors and ensure quality assurance, Sprout reports and invoices are reviewed and approved by the contracted service provider administrator or manager. The Department pays the provider solely based on the summary-level information entered into Sprout.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure payments to providers for family visits were allowable and adequately supported for the Foster Care program. The prior finding numbers were 2022-048 and 2021-040.
Description of Condition
The Department did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
The Department did not follow its procedures for performing fiscal monitoring of contracted service providers to ensure federally funded payments for travel and family visits were adequately supported and only for allowable activities.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department was unable to fully implement the corrective action plan during the audit period.
Effect of Condition
By not performing adequate fiscal monitoring, the Department cannot ensure payments for travel and family visits are allowable and adequately supported.
Recommendation
We recommend the Department follow its fiscal monitoring procedures to ensure payments to providers for travel and family visits are allowable and adequately supported.
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department did not have the opportunity to fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. There by the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
In April 2023, the Fiscal Integrity Unit, within the Financial and Business Services Division (FBSD), worked with the Child Welfare and Information Technology Divisions to implement the following internal controls:
• Utilized algorithms in the Sprout system to identify reimbursement requests outside of a reasonable amount.
• Required providers to submit additional documentation or explanation for those identified amounts.
• Implemented a re-run process for prior billing periods to eliminate potential double billings by providers.
• Trained headquarters and field office accounting staff to utilize the new algorithms and review additional documentation prior to processing payments.
In August 2023, the Contracts Compliance Team, within the FBSD, hired one new staff dedicated to reviewing all regional client service child welfare contracts including family time visit payments and will hire an additional staff in December 2023. The Contracts Compliance Team developed compliance audit plans for child welfare contracts and began fiscal monitoring of family time visit payments in November 2023.
The Department also required additional review and approvals by program staff for the Network Administrator in Eastern Washington for invoices prior to release of payment. The Department continues to identify and implement regional program approvals for Western Washington providers and implement fiscal monitoring controls to ensure payments to providers for travel and family visits are allowable and adequately supported.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-067 The Department of Children, Youth, and Families did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds, including about $8.6 million for foster care maintenance payments to family foster homes.
These monthly maintenance payments help licensed caregivers (foster parents and licensed kinship caregivers) meet the needs of children and youth experiencing foster care. The Department’s Federal Funding Unit manages each of its Title IV-E foster care cases. Title IV-E Specialists are stationed throughout the state and screen all new foster care cases for Title IV-E Eligibility.
When children or youth are placed in foster care homes, specialists meet with caregivers to discuss the amount of time they spend meeting a child’s needs. To ensure maintenance payments are accurate and allowable, the specialists enter the caregivers’ answers into the Foster Care Rate Assessment tool, which calculates the appropriate reimbursement rate for caregivers’ time spent meeting a child’s needs. Prior to payment, a Department supervisor reviews the rate in a system called FamLink. These reimbursement rates must be reassessed every six months.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
We used a statistical sampling method to randomly select and examine 59 foster care maintenance payments out of a total population of 22,538 made during the audit period. We found that the Department did not perform six-month reviews of the reimbursement rates for five payments.
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management said limitations with the FamLink system prevented the Department from running reports to verify that rate assessments were reviewed timely. Additionally, management did not establish another method to monitor these requirements.
Effect of Condition
By not performing six-month reviews of all reimbursement rates, the Department cannot ensure it provided accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
Recommendation
We recommend the Department establish adequate internal controls to ensure it performs all six-month reviews of caregivers’ reimbursement rates for the Foster Care program.
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department utilizes FamLink as the case management system for Foster Care which due to system limitations did not have the reporting capabilities to track rate setting reviews during the audit period. The Department created a report in FamLink to assist rate assesors in identifying six-month reviews that had not been performed timely. This tool has helped supervisors identify late rate assessments but has not helped them track six-month rate assessment due dates. A request has been submitted to the Department’s Office of Innovation, Alignment, and Accountability to update the report to show when the next rate assessment is due. Until this report update is completed, the supervisors will be performing monthly tracking to assist with internal controls and compliance with reviews.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 110-50-0490, How often do the foster parent and caseworker meet to complete the rate assessment?, states:
The caseworker or designated rate assessment specialist will meet with the foster parent in person or telephonically to complete the assessment:
1.Within thirty days of the child’s placement in the foster parent’s home;
2.At least every six months after the first assessment, except under limited circumstances that serve the best interest of the child; and
When there is a significant change in circumstances for the child or in the foster parent’s ability or time required to meet the child’s needs.
2023-068 The Department of Children, Youth, and Families did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-050
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned to home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for the adults in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
Prospective foster parents and other out-of-home caregivers, as well as any adults residing in the prospective caregivers' households must pass the background check. During an emergency situation when a child must be placed in out-of-home care due to the absence of appropriate parents or custodians, the Department shall request a federal name-based criminal history record check of each adult residing in the home of the potential placement resource. Upon receipt of the results of the name-based check, the Department shall provide a complete set of each adult resident's fingerprints to the Washington state patrol for submission to the federal bureau of investigation within 15 calendar days from the date the name search was conducted. The child shall be removed from the home immediately if any adult resident fails to provide fingerprints and written permission to perform a federal criminal history record check when requested.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2023, the Department spent about $140.5 million in federal grant funds. This included about $33.3 million for payments to providers for direct client services, with $1.4 million paid to licensed group care facilities and $13.3 million paid to foster family homes. State and federal law require background checks for foster family homes and licensed group care facilities.
Licensed group care facilities
Licensed group care facilities are maintained and operated for groups of children on a 24-hour basis to provide safe, healthy living environments that meet the developmental needs of the children in care. These facilities are not permanent homes, but they provide a higher level of care for the foster children who are in them. Before a facility becomes licensed, it must complete an application that the Department reviews to ensure the facility is compliant with licensing requirements. This includes ensuring all people working in the facility have cleared background checks, which is a requirement in state and federal law.
After the initial application, the Department requests the group care facility to provide quarterly reports of new and existing employees to ensure all have cleared background checks before they are allowed unsupervised access to children. To track this, the Department enters employees’ information and the facilities they work at into the FamLink system. FamLink is a service delivery and support system the Department uses to track clients statewide, and management uses it to track service performance and outcomes.
Foster family homes
Prospective foster parents, as well as any adults residing in prospective caregivers’ households, must have satisfactorily met background checks. These checks, including state and federal criminal records and child abuse and neglect central registries, are part of the process of assessing the suitability of these caregivers to provide a safe home for children placed in their care.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure group care facility employees had cleared background checks before having unsupervised access to children. The prior finding number was 2022-050.
Description of Condition
The Department did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Licensed group care facilities
In the prior audit, we found that the Department did not effectively monitor when employees started working in facilities. Without documenting employees’ start date of employment, the Department cannot ensure they had cleared background checks before having unsupervised access to children. We found this internal control weakness still existed in the current audit because the Department was not able to fully implement its corrective action plan during the audit period. We tested a sample of background checks for facility staff to ensure they were performed properly and determined they were.
Foster family homes
We used a statistical sampling method to randomly select and examine 56 out of 493 households whose adult residents required background checks to ensure they were performed properly. We found the Department placed one child in emergent care with two adults who did not receive timely fingerprint checks within the required timeline of 15 calendar days. The adults in the household had their fingerprint checks at 17 days and were determined eligible for foster child placement.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies, but did not fully implement it during the current audit period.
Further, the Department provided a complete set of each adult resident’s fingerprints to the Washington State Patrol two days late.
Effect of Condition
Without documenting employees’ start dates, the Department cannot ensure they have cleared background checks before beginning work. By not adequately monitoring group care facility employees’ start dates, ineligible employees could have unsupervised access to foster care children before they have cleared the required background checks.
In addition, by not obtaining timely fingerprint background checks for emergent placements, children may be in unsafe environments that affect their health and safety.
Recommendations
We recommend the Department:
• Strengthen its internal controls and ensure all group care facility employees have cleared background checks before beginning work
• Ensure it provides the Washington State Patrol with all fingerprint background checks for emergent placements within 15 calendar days from the date the name search was conducted
Department’s Response
The Department is committed to ensuring the health, safety, and well-being of all children in our care. As to the Auditor’s specific findings, the Department partially concurs and offers the following detail:
Licensed group care facilities
As stated in the audit finding section, Description of Condition, all group care facility staff sampled during the audit had a cleared background check prior to working in the facility. While we agree the use of definitions such as “effective date” and “start date” could be misleading, we do not concur the Department did not have adequate internal controls to ensure group care facility employees had cleared background checks before having unsupervised access to children. We are confident that staff who work with children and youth have a cleared background check.
The Department concurs we do not document staff members’ start dates in FamLink. FamLink is used to document background clearance information, but it only allows for one date to be entered as the “effective date.” This “effective date” is imported to the Background Check System as the “start date.” The Department’s Licensing Division enters the “effective date” as the date that the background check paperwork on an applicant/staff member is received from the facility, this is to verify the correct applicant/staff member whose background check is being processed. The data pulled as part of the audit referenced the “start date” from the Background Check System, which the auditor’s office interpreted as hire date or first date they began work in the facility, which was not accurate.
As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
To strengthen internal controls and documentation, effective April 1, 2023, the Department implemented a corrective action plan for processing background checks for group care facilities in response to the prior audit. Applicant/staff member background check request forms are submitted directly to the Background Check Unit by the facility. The Background Check Unit processes a fingerprint background check, a child abuse/neglect history check, and if applicable, a suitability assessment. The results are then provided to the Licensing Division and the group care facility. If the applicant is cleared, the Licensing Division staff adds the staff member to the group care facility in FamLink. The new “effective date” in FamLink is the final approval from the Background Check Unit. In addition, regional licensors continue to conduct yearly health and safety monitoring visits, which includes a random sample review of personnel files containing background check information.
Foster family homes
As noted in the Background Section of the finding, RCW 26.44.240 does state the Department must immediately remove a child, but the Department is required to recommend removal of the child to the court and receive approval prior to taking action. The court does not always rule in the Department’s favor and the child remains in the placement.
As to the specific exceptions identified, the household that completed fingerprints two days after the required 15 calendar day period was delayed due to one of the applicants last name being misspelled in the system. The applicant was turned away at their fingerprint appointment due to the misspelling causing the delay in the timeline for both members of the household. The applicant notified the Department and once the name was corrected the applicant was able to fingerprint and both applicants in the household received a “no record” result as was reported on their initial National Crime Information Center (NCIC) Code X checks prior to the emergent placement.
Auditor’s Remarks
We appreciate the Department’s commitment to resolving these matters.
The purpose of our testing was to ensure employees had a clear background check prior to them working at the group home facility. We knew that the “start date” from the Background Check System was not the first date an employee began working in the facility. During our review, we did not use the start dates in the system, but instead reviewed supporting documentation to identify the actual start dates when possible. However, the Department was unable to demonstrate whether some employees had clear background checks before working because they did not have the start date of their employment.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code § 671 - State plan for foster care and adoption assistance, specifies the federal requirements for background checks.
RCW 43.43.837, Fingerprint-based checks—Requirements for applicants and service providers—Shared background checks—Fees—Rules to establish financial responsibility.
RCW 26.44.240, Out-of-home care—Emergency placement—Criminal history record check.
Department of Children, Youth, and Families, Policies and Procedures 6800 – Background Checks
2023-069 The Department of Children, Youth, and Families did not have adequate internal controls over reporting requirements for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2303WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Requirement: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-051
Background
The purpose of the Foster Care program is to provide safe and stable out-of-home care for children under placement and care authority of state welfare agencies. To accomplish this, the Administration for Children and Families (ACF) in the U.S. Department of Health and Human Services (HHS) offers financial support to states to offset the cost of foster care maintenance for eligible children, administrative costs to manage the program, and training for state agency staff, foster parents and qualified private agency staff. As of June 2023, about 8,000 children were in Washington’s foster care system. In fiscal year 2023, the Department spent almost $140.5 million in federal program funds.
Within 30 days after each fiscal quarter, the Department of Children, Youth, and Families is required to file the CB-496: Title IV-E Programs Quarterly Financial Report with HHS. This report identifies the Department’s Foster Care program expenditures, and the number of children it has served. The ACF relies on the information reported to award funds, determine the allowability of the reported expenditures, and provide reports to Congress.
To complete the CB-496, Department management creates a crosswalk by examining the Department’s chart of accounts and expenditure-codes in relation to HHS’s published CB-496 instructions. This ensures that the reports ran will produce the required information for each line of the CB-496.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program. The prior finding number was 2022-051.
Description of Condition
The Department did not have adequate internal controls over reporting requirements for the Foster Care program.
During our review of all four quarterly crosswalks, we found the Department did not have the correct account coding to report fields correctly. Out of the four quarterly crosswalks, the Department had 117 lines in aggregate, and 12 (10 percent) of the lines were incorrect.
We also reviewed all four reports the Department submitted during the audit period, and we found that all of them contained inaccuracies. In total, the Department overreported its program expenditures by a total of $571,586. The Department also overstated the total number of children receiving foster care benefits by 153.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
When completing the quarterly reports, the Department did not follow HHS’s published instructions. It was found that the Department did not create accurate crosswalks to ensure reports were run properly, and although there was an established review process, the reviews performed were insufficient to detect errors in the reports. Management advised that due to competing priorities and staffing shortages, the Department had limited capacity to thoroughly review the reports before submitting them to HHS.
Effect of Condition
Because HHS uses these reports to determine award amounts and whether reported expenditures are allowable, it may have relied on inaccurate data to make these determinations for the Department. The grant agreement also allows HHS to take action for the Department’s noncompliance, which can include temporarily withholding funds, wholly or partly suspending or terminating the award, and withholding further program awards.
Recommendations
We recommend the Department:
• Follow HHS’s published instructions when completing the quarterly CB-496 reports
• Strengthen its review processes to ensure the reports are accurate and supported before submitting them to HHS
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department acknowledges errors were made in the quarterly reports and crosswalks. The Department partially concurs with the SAO findings. As to the Auditor’s specific findings, the Department offers the following detail:
Quarterly Crosswalks
The Department provided electronic copies of the quarterly crosswalks to SAO for the reporting period being reviewed. During a previous audit SAO recommended that the Department maintain paper copies of the crosswalks and reports to show review and approvals. The paper copies of the crosswalks notated the changes made during the review and approval process for the quarterly reports. Due to staffing and limited time available the paper copies were not reviewed and provided to SAO to clear the exceptions identified above. The incorrect crosswalk information did not have an impact on the accuracy of the data reported.
Inaccurate Reports
SAO stated the Department over reported its program expenditures by a total of $571,586. The Department does not concur with the total amount determine. The FFY22 Quarter 4 report was noted as overstated by $254,721, but the expenditures were correctly reported; however the crosswalk used as reference was documented incorrectly. As stated above the incorrect crosswalk information did not have an impact on the expenditure data reported.
As to the FFY23 Quarter 3 report, the Department has reconciled the data and determined that we over reported by $237,212. The Department will submit a correction to the federal partner during the next reporting period.
The Department will review and strengthen our internal processes in order to complete the quarterly reports accurately.
Auditor’s Remarks
We appreciate the Department’s commitment to strengthening its internal processes to complete the quarterly reports accurately.
Quarterly Crosswalks
Based on our understanding of the process, obtained from the Department, the purpose of the Crosswalks is to create guidelines for accurately completing the CB-496 reports and is one of the key internal controls the Department asserted ensured accuracy of the CB-496 reports. This key internal control was confirmed by the Department on July 26, 2023. During our compliance testing, we noted several exceptions that resulted from the inaccuracy of the crosswalks.
Inaccurate Reports
The instructions on the Crosswalk indicate certain line items should be subtracted to determine the amount to be reported. The instructions provided by the Federal Government for line 7a, In-Placement Administrative Costs – Provider and Agency Management, indicate lines 11a through 14b need to be subtracted. In the crosswalks the Department stated that only Line 13a was subtracted. Therefore, $254,721 more was reported on the CB-496 than instructions indicated.
We reaffirm our finding, and we will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 201, Grants to States for Public Assistance Programs, establishes applicable requirements for form and manner of submittal of the estimates for public assistance grants.
Section 201.5 Grants, states in part:
(a) Form and manner of submittal.
1. Time and place: The estimates for public assistance grants for each quarterly period must be forwarded to the regional office 45 days prior to the period of the estimate. They include a certification of State funds available and a justification statement in support of the estimates. A statement of quarterly expenditures and any necessary supporting schedules must be forwarded to the Department of Health and Human Services, Family Support Administration, not later than 30 days after the end of the quarter.
2. Description of forms: “State Agency Expenditure Projection – Quarterly Projection by Program” represents the State agency’s estimate of the total amount and the Federal share of expenditures for assistance, services, training, and administration to be made during the quarter for each of the public assistance programs under the Act. From these estimates the State and Federal shares of the total expenditures are computed. The State’s computed share of total estimated expenditures is the amount of State and local funds necessary for the quarter. The federal share is the basis for the funds to be advanced for the quarter. The State agency must also certify, on this form or otherwise, the amount of State funds (exclusive of any balance of advances received from the Federal Government) actually on hand and available for expenditure; this certification must be signed by the executive officer of the State agency submitting the estimate or a person officially designated by him, or by a fiscal officer of the State if required by State law or regulation. (A form “Certificate of Availability of State Funds for Assistance and Administration during Quarter” is available for submitting this information, but its use is optional.) If the amount of State funds (or State and local funds if localities participate in the program), shown as available for expenditures is not sufficient to cover the State’s proportionate share of the amount estimated to be expended, the certification must contain a statement showing the source from which the amount of the deficiency is expected to be derived and the time when this amount is expected to be made available.
The State agency must also submit a quarterly statement of expenditures for each of the public assistance programs under the Act. This is an accounting statement of the disposition of the Federal funds granted for past periods and provides the basis for making the adjustments necessary when the State’s estimate for any prior quarter was greater or less than the amount the State actually expended in that quarter. The statement of expenditures also shows the share of the Federal Government in any recoupment, from whatever source, including for title IV-A the appropriate share of child support collections made by the State, of expenditures claimed in a prior period, and also in expenditures not properly subject to Federal financial participation which are acknowledged by the State agency, including the share of the Federal Government for uncashed and cancelled checks as described at 45 CFR 201.67 and replacement checks as described at 45 CFR 201.70 in this part, or which have been revealed in the course of an audit.
2023-070 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the Social Services Block Grant.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2202WASOSR; 2302WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $8,518,020
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth, and young adults for case management, foster care, protective services, transportation, childcare and other services, such as child welfare services, intake and assessment, crisis counseling, family reconciliation, and licensing staff. In fiscal year 2023, the Department spent about $45.8 million in federal funding. Of this amount, the Department paid about $19.8 million to providers for direct client services.
SSBG gave the Department broad flexibility to design and administer the program based on its approved plan. The Department used the SSBG Pre-Expenditure Report and Intended Use Plan approved by the federal partner to identify activities eligible for the SSBG program. Payments to the providers were initially incurred for other programs and then transferred to the SSBG program to align with the amounts allocated in the Pre-Expenditure Report. The Department periodically processed journal vouchers to make these transfers.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the SSBG.
Department management said it used the approved SSBG Pre-Expenditure Report and Intended Use Plan to identify eligible activities initially charged to the Foster Care program, then periodically transferred them to the SSBG grant to align with the Pre-Expenditure Report. The Department also said management performed a monthly reconciliation to verify the expenditures were for allowable activities and within the period of performance.
During our testing, we found the Department used the Pre-Expenditure report to identify eligible activities for the SSBG program and transferred funds accordingly. However, we found the Department did not perform monthly reconciliations to verify these expenditures were for allowable activities and within the period of performance.
We examined the Department’s accounting records to determine if payments the Department transferred to the SSBG program were for activities that were allowable, authorized, accurate and supported. We identified total provider payments of $19,767,744 that were transferred to the SSBG program during fiscal year 2023. We analyzed provider payments and requested the Department verify whether it could provide adequate level of expenditure so we could determine whether payments were allowable and supported. Based on our analysis and confirmation from the Department, we categorized the total expenditures into two categories, which are identified in the table below.
Provider payments for which the Department provided an adequate level of support
We used a statistical sampling method to randomly select and examine 118 out of a total sampling population of 16,006 payments. We also selected and examined two individually significant items.
We reviewed the supporting documentation, description of activities, and payment approvals. We found the payments were for activities that were supported, allowable, authorized and accurate.
Provider payments for which the Department could not provide an adequate level of support
We were unable to perform testing on 1,102 payments totaling $8,518,020 because the Department was only able to provide summary level information. The Department was unable to provide an adequate level of support for us to determine whether the costs were for activities that were allowable, authorized, and within the period of performance.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Due to staffing vacancies during the fiscal year, the Department did not perform monthly reconciliations to verify the expenditures were for allowable activities and within the period of performance.
In addition, the Department processed expenditure transfers at the grant level. As a result, the Department could not provide adequate level of expenditure for 43 percent of payments to providers charged to the SSBG program. Therefore, we could not determine whether the payments transferred to SSBG were accurate, for allowable activities, and incurred during the period of performance.
Effect of Condition and Questioned Costs
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit some of the federal dollars it transferred to SSBG.
We are questioning $8,518,020 in federal program costs the Department charged to the SSBG program during the audit period. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure the funds it transfers to SSBG are supported by transaction-level support sufficient to comply with federal law
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the State Auditor’s Office (SAO) for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department maintains that funds were not improperly charged to the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The expenditures were allowable and within the period of performance. Cost objectives within the accounting system are used to track SSBG funding. Expenditures eligible for the SSBG grant are transferred at the cost objective level and not the transaction level.
The SAO tested a sample of 16,006 payments which totaled 94% of total provider payments charged to the grant. SAO found that all payments were for activities that were supported, allowable, authorized, and accurate. SAO did not test the remaining payments, which totaled 6% of the total provider payment charged to the grant, because the transfer of expenditures were not complete at the transaction level for those payments. Those remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data.
Auditor’s Remarks
The Department stated that we tested 94 percent of total provider payments charged to the grant. However, this is not accurate. We randomly selected 118 provider payments, using a statistical sampling method, that came from a population that made up 57 percent of the total amount paid to providers. We were not able to perform testing for 43 percent of the total amount paid to providers because the Department could not provide an adequate level of support for the payments.
The level of documentation needed to support grant expenditures is not established by our office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to perform tests to verify the remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
a. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures appliable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-071 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure cash draws for the Social Services Block Grant were properly supported.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2022WASOSR; 2302WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Cash Management
Known Questioned Cost Amount: $1,504,566
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth, and young adults for case management, foster care, protective services, transportation, childcare and other services, such as child welfare services, intake and assessment, crisis counseling, family reconciliation, and licensing staff. In fiscal year 2023, the Department spent about $45.8 million in federal funding.
SSBG gave the Department broad flexibility to design and administer the program based on its approved SSBG Pre-Expenditure Report and Intended Use Plan. Expenditures the Department charged to SSBG during the audit period were activities initially incurred for other programs and transferred to the SSBG program to align with the amounts allocated in the Pre-Expenditure Report.
The Department uses the Grant Management System (GMS) to calculate draws for SSBG. GMS automatically uploads federal grant expenditures and revenues nightly from the Agency Financial Reporting System (AFRS), and it calculates cash draws on a semi-monthly basis, or as needed. GMS automatically calculates the federal grant cash draw amount by deducting revenues drawn to date from year-to-date expenditures. The Department periodically processed journal vouchers to transfer eligible expenditures to SSBG. In fiscal year 2023, the Department prepared draws twice per month on a reimbursement basis.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure cash draws for the SSBG were properly supported.
Department management said a supervisor reviewed expenditure reports from AFRS and the GMS system to ensure the cash draw for the period was supported, accurate and included expenditures incurred year to date. Management then reviewed the cash draw to ensure it was supported and accurate before requesting it.
We used a non-statistical sampling method to randomly select and examine five out of a total population of 10 cash draws to determine if they were supported by accounting records. We found one cash draw that the Department made on January 10, 2023, where the GMS-calculated draw amount was negative $4,495,434. Instead of returning the overdrawn funds, the Department made a drawdown for $1,504,566 by manually adjusting the current draw amount to be $6 million in GMS. This draw was based on the Department’s estimate that it had sufficient eligible expenditures. However, the Department did not identify eligible expenditures, and did not process an accounting adjustment to transfer eligible expenditures into SSBG until February 9, 2023, one month after the cash draw was made. We determined that management had reviewed and approved this draw, but it was not supported or accurate.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department identified $4,495,434 in costs that had been improperly charged to the SSBG grant, and then moved them to a different funding source in the accounting system on December 13, 2022, and December 22, 2022. Management estimated the Department had sufficient eligible expenditures in the accounting system to support the overdrawn amount, as well as an additional $1,504,566 cash draw. However, due to competing priorities and staffing issues, the Department did not identify eligible expenditures and transfer them to SSBG before making the draw.
Effect of Condition and Questioned Costs
By not reviewing expenditure reports, the Department could not verify whether it had sufficient eligible expenditures in the accounting system to support the draw. In addition, by not transferring eligible expenditures to the SSBG program timely, the cash drawdown was not supported by expenditures in the accounting system.
We are questioning the $1,504,566 cash draw because we cannot determine whether the manual adjustment of $6 million was for eligible costs for the SSBG program, as the Department was unable to provide an adequate level of expenditure to determine whether the costs were supported.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it only draws federal funds if they are supported in the accounting system
• Ensure management does not bypass established internal controls
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the State Auditor’s Office (SAO) for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department maintains that funds were not improperly charged or overdrawn for the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The expenditures drawn were allowable and within the period of performance. Cost objectives within the accounting system are used to track SSBG funding and then allowable charges are transferred to a different accounting code prior to the draws. The unit supervisor reviewed the cost objectives to verify available expenditures had been charged to support the grant draw. For the one draw in question the grant analyst was out of the office and due to a staffing shortage the transfer of expenditures was completed after the draw.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data.
Auditor’s Remarks
We thank the Department for acknowledging the reconciliation of the draw amount questioned was not performed timely.
The level of documentation needed to support grant expenditures is not established by our office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to verify whether the $6 million transfer to the SSBG grant was allowable and supported.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
a. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures appliable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
Title 45 CFR Part 96.32, Financial Settlement, states: The State must repay to the Department amounts found after audit resolution to have been expended improperly. In the event that repayment is not made voluntarily, the Department will undertake recovery.
Title 31 CFR Part 205.33, How are funds transfers processed?, states in part:
a. A State must minimize the time between the drawdown of Federal funds from the Federal government and their disbursement for Federal program purposes. A Federal Program Agency must limit a funds transfer to a State to the minimum amounts needed by the State and must time the disbursement to be in accord with the actual, immediate cash requirements of the State in carrying out a Federal assistance program or project. The timing and amount of funds transfers must be as close as is administratively feasible to a State’s actual cash outlay for direct program costs and the proportionate share of any allowable indirect costs. States should exercise sound cash management in funds transfers to subgrantees in accordance with OMB Circular A–102 (For availability, see 5 CFR 1310.3.).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-072 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the Social Services Block Grant program.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2202WASOSR; 2302WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth, and young adults for case management, foster care, protective services, transportation, childcare and other services, such as child welfare services, intake and assessment, crisis counseling, family reconciliation, and licensing staff. In fiscal year 2023, the Department spent about $45.8 million in federal funding.
The Department is required to submit annual SF-425 financial reports for each open SSBG grant. These reports contain information such as the federal grant number, the recipient organization, grant period, reporting period end date, and a summary of expenditures and revenues related to the grant during the reporting period.
The Department is also required to submit annual SSBG Post-Expenditure reports that describe how the Department expended its SSBG grant for each fiscal year. These reports include information such as:
1. The number of eligible people who received services that were fully or partially paid for with SSBG funds.
2. The amount of SSBG funds spent on providing each service.
3. The method(s) by which each service was provided, showing separately for each service provided by public agencies, private agencies, or both.
4. The criteria applied in determining eligibility for each service, such as income eligibility guidelines, sliding fee scales, the effect of public assistance benefits, and any requirements for enrollment in school or training programs.
5. The state’s definition of “child,” “adult,” and “family.”
6. Temporary Assistance for Needy Families funds transferred into SSBG
In its approved state plan, the Department has broad flexibility to design and administer the SSBG program. The Department used the SSBG Pre-Expenditure Report and Intended Use Plan approved by the federal partner to identify activities eligible for the SSBG program. Most of the expenditures charged to the SSBG program were initially incurred for other programs and transferred to the SSBG program. The Department periodically processed accounting adjustments to make these transfers.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the SSBG program.
Financial Reporting – SF-425
We selected and examined the two SF-425 reports that the Department was required to submit in state fiscal year 2023. During the audit period, the Department processed expenditure transfers at the grant level. As a result, the Department did not identify the specific transactions, or provide the required level of supporting documentation, for 43 percent of payments to providers that were charged to the SSBG program. These transactions represented 18 percent of total SSBG expenditures. Therefore, we could not rely on the data supporting the Department’s reported SF-425 expenditures and could not determine if the reports were accurate and complete. This condition is also referenced in audit finding 2023-070.
Performance Reporting – Post-Expenditure Report
Department personnel said they reviewed and approved the Post-Expenditure Report workbook before the information was uploaded into the SSBG portal to ensure the data was complete and accurate. Department personnel then reviewed and approved the Post-Expenditure Report in the SSBG portal to ensure it was complete and accurate before management performed a final review, certified the report, and submitted it.
We selected and examined the only SSBG Post-Expenditure Report that the Department was required to submit during the audit period. We found no documented evidence that the appropriate Department personnel reviewed the Post-Expenditure Report Workbook and the SSBG Post-Expenditure Report for accuracy and completeness before management completed the final review and certification of the report.
The unsupported SF-425 expenditures identified above were also included in this report. Therefore, we could not rely on the data supporting the expenditures reported in the Department’s SSBG Post-Expenditure report and could not determine if it was accurate and complete.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management said it did not review the Post-Expenditure Report Workbook and SSBG Post-Expenditure Report due to a lack of staffing.
The Department processed expenditure transfers at the grant level and made accounting adjustments without identifying the actual payments that were used to support those adjustments.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure that expenditure amounts reported to the grantor are complete and accurate.
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible to audit some of the federal dollars it transferred to SSBG and reported on the SF-425 financial report and the SSBG Post-Expenditure report.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that management reviews reports along with supporting expenditure and revenue data to ensure completeness and accuracy
• Design and implement internal controls to ensure financial and program reports are supported with an adequate level of detail
Department’s Response
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the State Auditor’s Office (SAO) for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department maintains that funds were not improperly charged to the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The Department provided the SAO with detailed expenditure data reports and email documentation of management reviews of the expenditures being charged to the SSBG grant and changes being requested prior to submission. Management reviewed the expenditure data prior to certifying and submitting the reports in the federal reporting system verifying the requested changes were made. The federal reporting system creates an email after certification which the Department shared with the SAO. The Department was unable to provide email communication between staff and management related to the approval of the changes requested as documentation of the final approval prior to management certifying the report in the federal system as requested by SAO.
SAO stated in the cause of condition that the Department processed expenditure transfers at the grant level and made accounting adjustments without identifying the actual payments. The SAO tested a sample of 16,006 payments which totaled 94% of total provider payments charged to the grant. SAO found that all payments were for activities that were supported, allowable, authorized, and accurate. SAO did not test the remaining payments, which totaled 6% of the total provider payment charged to the grant, because the transfer of expenditures were not complete at the transaction level for those payments. Those remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data.
Auditor’s Remarks
The Department stated that we tested 94 percent of total provider payments charged to the grant. However, this is not accurate. We randomly selected 118 provider payments, using a statistical sampling method, that came from a population that made up 57 percent of the total amount paid to providers. We were not able to perform testing for 43 percent of the total amount paid to providers because the Department could not provide an adequate level of support for the payments.
The level of documentation needed to support grant expenditures is not established by our office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to perform tests to verify the remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
A. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures appliable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
Title 45 CFR Part 96.74, Annual Reporting Requirements, establishes the reporting requirements for the Pre-Expenditure and Post-Expenditure program reports.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-070 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the Social Services Block Grant.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2202WASOSR; 2302WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $8,518,020
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth, and young adults for case management, foster care, protective services, transportation, childcare and other services, such as child welfare services, intake and assessment, crisis counseling, family reconciliation, and licensing staff. In fiscal year 2023, the Department spent about $45.8 million in federal funding. Of this amount, the Department paid about $19.8 million to providers for direct client services.
SSBG gave the Department broad flexibility to design and administer the program based on its approved plan. The Department used the SSBG Pre-Expenditure Report and Intended Use Plan approved by the federal partner to identify activities eligible for the SSBG program. Payments to the providers were initially incurred for other programs and then transferred to the SSBG program to align with the amounts allocated in the Pre-Expenditure Report. The Department periodically processed journal vouchers to make these transfers.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the SSBG.
Department management said it used the approved SSBG Pre-Expenditure Report and Intended Use Plan to identify eligible activities initially charged to the Foster Care program, then periodically transferred them to the SSBG grant to align with the Pre-Expenditure Report. The Department also said management performed a monthly reconciliation to verify the expenditures were for allowable activities and within the period of performance.
During our testing, we found the Department used the Pre-Expenditure report to identify eligible activities for the SSBG program and transferred funds accordingly. However, we found the Department did not perform monthly reconciliations to verify these expenditures were for allowable activities and within the period of performance.
We examined the Department’s accounting records to determine if payments the Department transferred to the SSBG program were for activities that were allowable, authorized, accurate and supported. We identified total provider payments of $19,767,744 that were transferred to the SSBG program during fiscal year 2023. We analyzed provider payments and requested the Department verify whether it could provide adequate level of expenditure so we could determine whether payments were allowable and supported. Based on our analysis and confirmation from the Department, we categorized the total expenditures into two categories, which are identified in the table below.
Provider payments for which the Department provided an adequate level of support
We used a statistical sampling method to randomly select and examine 118 out of a total sampling population of 16,006 payments. We also selected and examined two individually significant items.
We reviewed the supporting documentation, description of activities, and payment approvals. We found the payments were for activities that were supported, allowable, authorized and accurate.
Provider payments for which the Department could not provide an adequate level of support
We were unable to perform testing on 1,102 payments totaling $8,518,020 because the Department was only able to provide summary level information. The Department was unable to provide an adequate level of support for us to determine whether the costs were for activities that were allowable, authorized, and within the period of performance.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Due to staffing vacancies during the fiscal year, the Department did not perform monthly reconciliations to verify the expenditures were for allowable activities and within the period of performance.
In addition, the Department processed expenditure transfers at the grant level. As a result, the Department could not provide adequate level of expenditure for 43 percent of payments to providers charged to the SSBG program. Therefore, we could not determine whether the payments transferred to SSBG were accurate, for allowable activities, and incurred during the period of performance.
Effect of Condition and Questioned Costs
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit some of the federal dollars it transferred to SSBG.
We are questioning $8,518,020 in federal program costs the Department charged to the SSBG program during the audit period. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure the funds it transfers to SSBG are supported by transaction-level support sufficient to comply with federal law
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the State Auditor’s Office (SAO) for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department maintains that funds were not improperly charged to the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The expenditures were allowable and within the period of performance. Cost objectives within the accounting system are used to track SSBG funding. Expenditures eligible for the SSBG grant are transferred at the cost objective level and not the transaction level.
The SAO tested a sample of 16,006 payments which totaled 94% of total provider payments charged to the grant. SAO found that all payments were for activities that were supported, allowable, authorized, and accurate. SAO did not test the remaining payments, which totaled 6% of the total provider payment charged to the grant, because the transfer of expenditures were not complete at the transaction level for those payments. Those remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data.
Auditor’s Remarks
The Department stated that we tested 94 percent of total provider payments charged to the grant. However, this is not accurate. We randomly selected 118 provider payments, using a statistical sampling method, that came from a population that made up 57 percent of the total amount paid to providers. We were not able to perform testing for 43 percent of the total amount paid to providers because the Department could not provide an adequate level of support for the payments.
The level of documentation needed to support grant expenditures is not established by our office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to perform tests to verify the remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
a. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures appliable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-071 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure cash draws for the Social Services Block Grant were properly supported.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2022WASOSR; 2302WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Cash Management
Known Questioned Cost Amount: $1,504,566
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth, and young adults for case management, foster care, protective services, transportation, childcare and other services, such as child welfare services, intake and assessment, crisis counseling, family reconciliation, and licensing staff. In fiscal year 2023, the Department spent about $45.8 million in federal funding.
SSBG gave the Department broad flexibility to design and administer the program based on its approved SSBG Pre-Expenditure Report and Intended Use Plan. Expenditures the Department charged to SSBG during the audit period were activities initially incurred for other programs and transferred to the SSBG program to align with the amounts allocated in the Pre-Expenditure Report.
The Department uses the Grant Management System (GMS) to calculate draws for SSBG. GMS automatically uploads federal grant expenditures and revenues nightly from the Agency Financial Reporting System (AFRS), and it calculates cash draws on a semi-monthly basis, or as needed. GMS automatically calculates the federal grant cash draw amount by deducting revenues drawn to date from year-to-date expenditures. The Department periodically processed journal vouchers to transfer eligible expenditures to SSBG. In fiscal year 2023, the Department prepared draws twice per month on a reimbursement basis.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure cash draws for the SSBG were properly supported.
Department management said a supervisor reviewed expenditure reports from AFRS and the GMS system to ensure the cash draw for the period was supported, accurate and included expenditures incurred year to date. Management then reviewed the cash draw to ensure it was supported and accurate before requesting it.
We used a non-statistical sampling method to randomly select and examine five out of a total population of 10 cash draws to determine if they were supported by accounting records. We found one cash draw that the Department made on January 10, 2023, where the GMS-calculated draw amount was negative $4,495,434. Instead of returning the overdrawn funds, the Department made a drawdown for $1,504,566 by manually adjusting the current draw amount to be $6 million in GMS. This draw was based on the Department’s estimate that it had sufficient eligible expenditures. However, the Department did not identify eligible expenditures, and did not process an accounting adjustment to transfer eligible expenditures into SSBG until February 9, 2023, one month after the cash draw was made. We determined that management had reviewed and approved this draw, but it was not supported or accurate.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department identified $4,495,434 in costs that had been improperly charged to the SSBG grant, and then moved them to a different funding source in the accounting system on December 13, 2022, and December 22, 2022. Management estimated the Department had sufficient eligible expenditures in the accounting system to support the overdrawn amount, as well as an additional $1,504,566 cash draw. However, due to competing priorities and staffing issues, the Department did not identify eligible expenditures and transfer them to SSBG before making the draw.
Effect of Condition and Questioned Costs
By not reviewing expenditure reports, the Department could not verify whether it had sufficient eligible expenditures in the accounting system to support the draw. In addition, by not transferring eligible expenditures to the SSBG program timely, the cash drawdown was not supported by expenditures in the accounting system.
We are questioning the $1,504,566 cash draw because we cannot determine whether the manual adjustment of $6 million was for eligible costs for the SSBG program, as the Department was unable to provide an adequate level of expenditure to determine whether the costs were supported.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it only draws federal funds if they are supported in the accounting system
• Ensure management does not bypass established internal controls
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the State Auditor’s Office (SAO) for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department maintains that funds were not improperly charged or overdrawn for the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The expenditures drawn were allowable and within the period of performance. Cost objectives within the accounting system are used to track SSBG funding and then allowable charges are transferred to a different accounting code prior to the draws. The unit supervisor reviewed the cost objectives to verify available expenditures had been charged to support the grant draw. For the one draw in question the grant analyst was out of the office and due to a staffing shortage the transfer of expenditures was completed after the draw.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data.
Auditor’s Remarks
We thank the Department for acknowledging the reconciliation of the draw amount questioned was not performed timely.
The level of documentation needed to support grant expenditures is not established by our office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to verify whether the $6 million transfer to the SSBG grant was allowable and supported.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
a. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures appliable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
Title 45 CFR Part 96.32, Financial Settlement, states: The State must repay to the Department amounts found after audit resolution to have been expended improperly. In the event that repayment is not made voluntarily, the Department will undertake recovery.
Title 31 CFR Part 205.33, How are funds transfers processed?, states in part:
a. A State must minimize the time between the drawdown of Federal funds from the Federal government and their disbursement for Federal program purposes. A Federal Program Agency must limit a funds transfer to a State to the minimum amounts needed by the State and must time the disbursement to be in accord with the actual, immediate cash requirements of the State in carrying out a Federal assistance program or project. The timing and amount of funds transfers must be as close as is administratively feasible to a State’s actual cash outlay for direct program costs and the proportionate share of any allowable indirect costs. States should exercise sound cash management in funds transfers to subgrantees in accordance with OMB Circular A–102 (For availability, see 5 CFR 1310.3.).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-072 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the Social Services Block Grant program.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2202WASOSR; 2302WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth, and young adults for case management, foster care, protective services, transportation, childcare and other services, such as child welfare services, intake and assessment, crisis counseling, family reconciliation, and licensing staff. In fiscal year 2023, the Department spent about $45.8 million in federal funding.
The Department is required to submit annual SF-425 financial reports for each open SSBG grant. These reports contain information such as the federal grant number, the recipient organization, grant period, reporting period end date, and a summary of expenditures and revenues related to the grant during the reporting period.
The Department is also required to submit annual SSBG Post-Expenditure reports that describe how the Department expended its SSBG grant for each fiscal year. These reports include information such as:
1. The number of eligible people who received services that were fully or partially paid for with SSBG funds.
2. The amount of SSBG funds spent on providing each service.
3. The method(s) by which each service was provided, showing separately for each service provided by public agencies, private agencies, or both.
4. The criteria applied in determining eligibility for each service, such as income eligibility guidelines, sliding fee scales, the effect of public assistance benefits, and any requirements for enrollment in school or training programs.
5. The state’s definition of “child,” “adult,” and “family.”
6. Temporary Assistance for Needy Families funds transferred into SSBG
In its approved state plan, the Department has broad flexibility to design and administer the SSBG program. The Department used the SSBG Pre-Expenditure Report and Intended Use Plan approved by the federal partner to identify activities eligible for the SSBG program. Most of the expenditures charged to the SSBG program were initially incurred for other programs and transferred to the SSBG program. The Department periodically processed accounting adjustments to make these transfers.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the SSBG program.
Financial Reporting – SF-425
We selected and examined the two SF-425 reports that the Department was required to submit in state fiscal year 2023. During the audit period, the Department processed expenditure transfers at the grant level. As a result, the Department did not identify the specific transactions, or provide the required level of supporting documentation, for 43 percent of payments to providers that were charged to the SSBG program. These transactions represented 18 percent of total SSBG expenditures. Therefore, we could not rely on the data supporting the Department’s reported SF-425 expenditures and could not determine if the reports were accurate and complete. This condition is also referenced in audit finding 2023-070.
Performance Reporting – Post-Expenditure Report
Department personnel said they reviewed and approved the Post-Expenditure Report workbook before the information was uploaded into the SSBG portal to ensure the data was complete and accurate. Department personnel then reviewed and approved the Post-Expenditure Report in the SSBG portal to ensure it was complete and accurate before management performed a final review, certified the report, and submitted it.
We selected and examined the only SSBG Post-Expenditure Report that the Department was required to submit during the audit period. We found no documented evidence that the appropriate Department personnel reviewed the Post-Expenditure Report Workbook and the SSBG Post-Expenditure Report for accuracy and completeness before management completed the final review and certification of the report.
The unsupported SF-425 expenditures identified above were also included in this report. Therefore, we could not rely on the data supporting the expenditures reported in the Department’s SSBG Post-Expenditure report and could not determine if it was accurate and complete.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management said it did not review the Post-Expenditure Report Workbook and SSBG Post-Expenditure Report due to a lack of staffing.
The Department processed expenditure transfers at the grant level and made accounting adjustments without identifying the actual payments that were used to support those adjustments.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure that expenditure amounts reported to the grantor are complete and accurate.
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible to audit some of the federal dollars it transferred to SSBG and reported on the SF-425 financial report and the SSBG Post-Expenditure report.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that management reviews reports along with supporting expenditure and revenue data to ensure completeness and accuracy
• Design and implement internal controls to ensure financial and program reports are supported with an adequate level of detail
Department’s Response
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the State Auditor’s Office (SAO) for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department maintains that funds were not improperly charged to the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The Department provided the SAO with detailed expenditure data reports and email documentation of management reviews of the expenditures being charged to the SSBG grant and changes being requested prior to submission. Management reviewed the expenditure data prior to certifying and submitting the reports in the federal reporting system verifying the requested changes were made. The federal reporting system creates an email after certification which the Department shared with the SAO. The Department was unable to provide email communication between staff and management related to the approval of the changes requested as documentation of the final approval prior to management certifying the report in the federal system as requested by SAO.
SAO stated in the cause of condition that the Department processed expenditure transfers at the grant level and made accounting adjustments without identifying the actual payments. The SAO tested a sample of 16,006 payments which totaled 94% of total provider payments charged to the grant. SAO found that all payments were for activities that were supported, allowable, authorized, and accurate. SAO did not test the remaining payments, which totaled 6% of the total provider payment charged to the grant, because the transfer of expenditures were not complete at the transaction level for those payments. Those remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data.
Auditor’s Remarks
The Department stated that we tested 94 percent of total provider payments charged to the grant. However, this is not accurate. We randomly selected 118 provider payments, using a statistical sampling method, that came from a population that made up 57 percent of the total amount paid to providers. We were not able to perform testing for 43 percent of the total amount paid to providers because the Department could not provide an adequate level of support for the payments.
The level of documentation needed to support grant expenditures is not established by our office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to perform tests to verify the remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
A. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures appliable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
Title 45 CFR Part 96.74, Annual Reporting Requirements, establishes the reporting requirements for the Pre-Expenditure and Post-Expenditure program reports.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-083 The Department of Social and Health Services did not have adequate internal controls to ensure individuals are eligible to receive benefits for the Money Follows the Person program.
Assistance Listing Number and Title: 93.791 Money Follows the Person Rebalancing Demonstration Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 1LICMS300141-01-23
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Money Follows the Person (MFP) Rebalancing Demonstration program supports state strategies to rebalance their long-term services and supports systems from institutional to community-based care. The Roads to Community Living demonstration project is Washinton’s application of MFP. Originally funded in 2007, the program is currently projected to continue through 2027. The program is jointly administered by the Department’s Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) both serving MFP beneficiaries. Additionally, in 2013, Washington was one of five states awarded funding to participate in an MFP Tribal Initiative to work with qualified Tribes and/or Tribal Organizations to develop culturally responsive home and community-based services and to implement strategies to reduce the use of institutional care for Tribal members.
The Department must ensure that benefits are paid to, or on behalf of, individuals eligible for the program and ensure benefits are discontinued when the period of eligibility expires. Eligible individuals include those receiving Medicaid inpatient services who are interested in moving from a state institutional setting, such as a hospital, nursing home, or intermediate care facility to a qualified community setting, including an adult family home, assisted living facility, or enhanced adult residential care facility. The Department uses a combination of monthly reports, annual assessments, and internal communication forms to ensure only eligible individuals receive paid benefits on the program. Specifically, the Department’s ALTSA Long-Term Care Manual, Chapter 29; Roads to Community Living, specifies that Department staff are required to complete a Financial and Social Services Communication form 14-443, or form 15-345 if the individual is enrolled in a DDA program, to communicate the individual’s eligibility status for various program services. The Department utilizes these forms to document the commencement and discontinuation of an individual’s benefits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure individuals are eligible to receive benefits for the MFP program.
We used a statistical sampling method to randomly select and review 58 out of 2,249 individuals determined eligible to receive program benefits during the audit period. We identified four instances (7 percent) where the Department did not complete a form 14-443 or 15-345 to inform appropriate personnel of the individual’s eligibility status, and terminate the individual’s enrollment, if required.
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management did not effectively monitor case managers to ensure that Forms 14-443 and 15-345 were completed when clients were determined eligible, or ineligible to receive assistance under the program. Department staff responsible for submitting the forms did not follow the guidance in the ALTSA Long-Term Care Manual.
Effect of Condition
By not following prescribed internal controls, the Department is at a higher risk of authorizing benefits to individuals that do not meet all eligibility requirements.
Recommendation
We recommend that the Department improve its internal controls to ensure all eligibility determinations are documented using the Department’s approved forms, in accordance with the Manual.
Department’s Response
The Department partially agrees with the finding.
We agree 14-443s were not provided to terminate the individuals’ enrollment. However, in all exceptions identified, the 14-443 Communication was made in accordance with existing Nursing Facility Case Management policy as defined in Chapter 10 of the Long-Term Care manual. In addition, all clients met eligibility criteria for Roads to Community Living (RCL) services or converted to another Home and Community Based program within the 365-day RCL demonstration year limitation, despite the RCL disenrollment date’s absence on the 14-443 communication.
In these cases, the client converted to a state plan or waiver and this new program’s start date was provided on the 14-443. For Modified Adjusted Grose Income (MAGI) participants, 14-443 Communications are not required, as this form is a communication tool for Public Benefit Specialists. MAGI enrolled Medicaid participants’ benefits are managed by the Health Care Authority, and therefore a 14-443 Communication detailing the RCL Demonstration start, and projected end date is not managed or worked by a Public Benefits Specialist. This MAGI beneficiary communication detail was not articulated in the Roads to Community Living chapter of the LTC Manual.
Effective April 30, 2024, Chapter 29 of the Long-Term Care Manual will be updated to clarify instructions related to when a 14-443 must be completed as it relates to MAGI participants and what needs to be included on the form when the 14-443 is required.
Auditor’s Remarks
Prior to performing our testing, we held meetings with the Department to gain an understanding of their internal controls regarding eligibility for the MFP program. The Department provided documentation of policies and procedures that they determined were applicable to eligibility for the program, but did not include Chapter 10 of the Long-Term Care manual. Based on the information and documentation that the Department provided, we identified their key internal controls related to program eligibility. The Department confirmed the controls we identified were correct, and they stated, in part, that form 14-443 must be completed at the time of transition to a community setting and disenrollment. The confirmed key controls did not include alternative methods for MAGI participants.
We reaffirm our finding and appreciate the Department's commitment to resolving this matter. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Department of Social and Health Services, Aging and Long-Term Support Administration (ALTSA) Long-Term Care Manual, Chapter 29 – Roads to Community Living, states in part:
Authorizing RCL Services for HCS clients
As soon as the participant transitions from the institution:
9. Using the 14-443, notify the Public Benefits Specialist of the discharge date from the nursing facility and complete the RCL portions of 14-443, including the RCL 365 day end date, which is located in the RCL Enroll/Disenroll screen. (Reminder: the RCL 365 day end date needs to match the RCL RAC end date)
At the conclusion of the participant’s 365 day demonstration period, the Case Manager/Case Resource Manager:
5. Notify the PBS on a DSHS 14-443 (for HCS/AAA) or a DSHS 15-345 (for DDA) in Barcode and include:
a. The date of the disenrollment from RCL services.
b. The program the participant is functionally eligible for (state plan/Medicaid waiver).
c. The setting of the services (in-home, AFH, etc.)
d. Update the address, if necessary.
Authorizing RCL Services for Individuals Enrolled in DDA
When the participant is approaching discharge from the facility, the DDA Case Resource Manager (CRM) shall:
• Notify the financial worker that the individual is an RCL participant on the RCL version of the DSHS 15-345 in Barcode and include the following:
a. The date of discharge from the institutional setting onto RCL services
b. The setting that RCL services will take place (in-home, AFH, etc.)
c. The new address
d. A request to complete the Authorized Representative (AREP) screen in ACES per normal procedures so the CRM can receive the financial letters.
2. A request that the financial worker open a waiver program in ACES.
What Are the Case Worker’s Responsibilities With the RCL Program?
RCL services for all participants must end by day 366 (on or before day 365). At that time, they must be transitioned to the waiver or state plan services available to them based on their financial and functional eligibility.
How Do I Disenroll an RCL Participant?
4. Notify the Public Benefits Specialist using Form 14-443 (HCS/AAA) or a DSHS 15-345 (DDA) in Barcode and include:
a. The date of the disenrollment from RCL services.
Which program the participant is functionally eligible for (state plan/waiver) and the start date for this new program (if applicable).
2023-084 The Health Care Authority did not have adequate internal controls to ensure payments to providers for the Block Grants for Prevention and Treatment of Substance Abuse program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $3,447,346
Prior Year Audit Finding: Yes, Finding 2022-067
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, $58 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), which is the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SABG and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards.
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SABG subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities, and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In fiscal year 2022, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SABG program were allowable and met period of performance requirements. The prior finding number was 2022-067.
Additionally, in the fiscal year 2020 and 2021 audits, we reported the Authority did not have adequate internal controls to ensure payments made under the SABG program met the period of performance requirements. The prior finding numbers were 2020-059 and 2021-057.
Description of Condition
The Authority did not have adequate internal controls to ensure payments to providers for the SABG program were allowable and met period of performance requirements.
Year-end Estimated Accruals
During the audit period, the FFR unit recorded three state fiscal year-end estimated accruals totaling $19,885,335. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $16,438,274 in liquidations processed after the state fiscal year close. We used a statistical sampling method and randomly selected and examined 54 out of a total population of 360 including three individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
Transaction Testing
We judgmentally selected and examined three out of a total population of 16 expenditures made during the SABG federal fiscal year 2021 award liquidation period. We found one (33 percent) estimated accrual that was partially unsupported to ensure the award’s period of performance requirements were met.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. In addition, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided and reimbursement requests are received.
Additionally, the Authority did not properly monitor to ensure accrual charges occurred within the award’s period of performance.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SABG expenditures reported on the Schedule of Expenditures of Federal Awards are for allowable activities and within the period of performance.
We identified $3,447,061 in known questioned costs related to estimated year-end accruals.
For the federal fiscal year 2021 award that closed during the audit period, we identified questioned costs totaling $285 for an accrued expenditure that did not have documented support showing they occurred within the award’s period of performance.
In total, we identified $3,447,346 in known federal questioned costs.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquated provider payments to specific year-end estimated accruals
• Improve its internal controls to ensure payments are within the award’s period of performance
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $3,447,061 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of FY 23 expenditures for which invoices have not been received. There are no funds associated with the $3.4 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a statistical sample of liquidations made against the accruals without error. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during FY 23.
The Authority partially concurs with the unsupported $285 portion of an accrual. Due to human error when reversing an accrual, the full amount was not completely removed leaving a difference of $285. However, this was limited to an accrual transaction, no funds would have been drawn and this remained an error in the accounting system. There are no funds to return to the grantor.
By questioning unliquidated expenditures based on a reasonable accrual methodology, the auditor is taking issue with the Authority’s operations rather than identifying noncompliant grant practices. The implication from the auditor’s recommendations and referenced laws and regulations is that the $3.4 million should not have been reported on the Schedule of Expenditures of Federal Awards (SEFA). However, there is no evidence these expenditures were unallowable, drawn erroneously from the grantor, or outside the period of performance. Removing the $3.4 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
To provide assurance over activities allowed, cost principles, and period of performance the auditors tested three samples:
• A sample of 58 transactions recording expenditures on the SEFA which had been paid during FY 23
• A sample of 57 liquidation transactions made against the estimated FY 23 SEFA accruals
• A judgmental sample of three transactions recorded against the 2021 SABG award
The first two samples consisted of 115 transactions and $11,662,297 and all tested without error. The third sample contained three transactions totaling $73,761 judgmentally selected from a population of 16 transactions and contained one error of $285.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee's financial statements which must include the total Federal awards expended as determined in accordance with § 75.502.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures, verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SABG only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures. Not needed for MHBG.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SABG, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2023-085 The Health Care Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-068
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds. Of this amount, the Authority passed about $58 million to subrecipients.
Federal regulations require the Authority to spend no more than 5 percent of the federal program funds on administrative costs of the grant, as well as a minimum of 20 percent of total grant funds on primary prevention programs for people who do not require treatment.
The Authority has written procedures in place to ensure it meets earmarking requirements. Authority staff run monthly reports from the agency’s accounting system to track expenditures for these requirements to ensure they are met at the time the grant closes. These reports, along with calculations to monitor these requirements, are maintained in a monthly tracking workbook. Management reviews these workbooks and sends an email to program staff to document the review.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls and did not comply with earmarking requirements for the program. The prior finding numbers were 2022-068 and 2021-056.
Description of Condition
The Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
We used a non-statistical sampling method to randomly select and examine 10 monthly tracking workbooks out of a total population of 45. We found that for six of the samples (60 percent), the workbooks were completed, but were missing the manager email confirming that they had been reviewed to ensure the tracking was being correctly calculated and monitored.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
The Authority implemented new procedures to ensure tracking workbooks were reviewed monthly by management. However, written documentation of this review was not maintained.
Effect of Condition
By not establishing adequate internal controls, the Authority cannot ensure it meets earmarking requirements.
Recommendation
We recommend the Authority improve internal controls to ensure that management review is documented and retained.
Authority’s Response
The Authority concurs with the finding. However, the Authority does not concur that the condition identified by the auditor posed a material risk to the program. Tracking workbooks were completed and reviewed throughout the entire fiscal year, however documentation of review was not maintained until December. Beginning December 2022, documentation of review was available for the remainder of the fiscal year. Any potential material noncompliance should have been detected.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-086 The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002,6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-069
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, including about $58 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Authority is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
A subaward identification form, which contains all the required reporting information, is included when the Authority creates a new SABG subaward or amendment. After it is signed by all parties, contract unit staff sends the subaward identification form through email to the behavioral health unit. Behavioral health staff review these emails and complete the report as required. There were 85 SABG subawards and amendments that were required to be reported in fiscal year 2023, totaling $45,362,623.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SABG program. The prior finding numbers were 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $45.4 million of program funds that it awarded to subrecipients through 85 new and amended subawards for the primary SABG awards. We used a non-statistical sampling method to randomly select and examine 14 of the 85 subawards and amendments, and found that four (29 percent), totaling $1.45 million, were not reported in FSRS.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority is in the process of developing written procedures to ensure the reports are submitted as required, but they were not fully implemented during the audit period.
For the subawards not reported, the contract unit did not send the subaward identification form to the behavioral health staff, so the subawards were not reported in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Establish policies and procedures for filing required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information so future reports are submitted completely and timely
Authority’s Response
HCA concurs with the findings. HCA did not have an established process to ensure that HCA’s Federal Financial Reporting section received executed subawards for FFATA reporting from HCA’s Office of Contracts and Procurement for the entirety of fiscal year 2023. The process was established in July 2022 and is currently operational. However, some subawards with a July 1 start date had been executed in the prior fiscal year before the process was established.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
2023-087 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-066
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG) program. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal SABG funds. Of this amount, the Authority passed about $58 million to 126 SABG subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Authority did not have adequate controls over and did not comply with requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding number was 2022-066.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority did not have written policies or procedures over its process for tracking subrecipients’ single audits. Furthermore, the Authority chose not to provide the tracking workbooks that we requested so we could develop and complete our compliance tests with the federal requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As stated above, Authority management chose not to provide documentation to demonstrate that the agency was compliant with federal requirements.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings.
In addition, because the Authority chose to not provide documentation needed for testing, we were unable to determine if it was compliant with federal regulations.
Recommendations
We recommend the Authority:
• Establish and follow policies and procedures to ensure subrecipients obtain required single audits
• Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the SABG program
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Provide requested documentation to auditors
Authority’s Response
Authority concurs that it needs to improve internal controls and did not fully comply federal requirements relating to single audit tracking. HCA does not concur with the other conditions noted.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
2023-084 The Health Care Authority did not have adequate internal controls to ensure payments to providers for the Block Grants for Prevention and Treatment of Substance Abuse program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $3,447,346
Prior Year Audit Finding: Yes, Finding 2022-067
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, $58 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), which is the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SABG and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards.
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SABG subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities, and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In fiscal year 2022, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SABG program were allowable and met period of performance requirements. The prior finding number was 2022-067.
Additionally, in the fiscal year 2020 and 2021 audits, we reported the Authority did not have adequate internal controls to ensure payments made under the SABG program met the period of performance requirements. The prior finding numbers were 2020-059 and 2021-057.
Description of Condition
The Authority did not have adequate internal controls to ensure payments to providers for the SABG program were allowable and met period of performance requirements.
Year-end Estimated Accruals
During the audit period, the FFR unit recorded three state fiscal year-end estimated accruals totaling $19,885,335. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $16,438,274 in liquidations processed after the state fiscal year close. We used a statistical sampling method and randomly selected and examined 54 out of a total population of 360 including three individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
Transaction Testing
We judgmentally selected and examined three out of a total population of 16 expenditures made during the SABG federal fiscal year 2021 award liquidation period. We found one (33 percent) estimated accrual that was partially unsupported to ensure the award’s period of performance requirements were met.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. In addition, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided and reimbursement requests are received.
Additionally, the Authority did not properly monitor to ensure accrual charges occurred within the award’s period of performance.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SABG expenditures reported on the Schedule of Expenditures of Federal Awards are for allowable activities and within the period of performance.
We identified $3,447,061 in known questioned costs related to estimated year-end accruals.
For the federal fiscal year 2021 award that closed during the audit period, we identified questioned costs totaling $285 for an accrued expenditure that did not have documented support showing they occurred within the award’s period of performance.
In total, we identified $3,447,346 in known federal questioned costs.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquated provider payments to specific year-end estimated accruals
• Improve its internal controls to ensure payments are within the award’s period of performance
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $3,447,061 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of FY 23 expenditures for which invoices have not been received. There are no funds associated with the $3.4 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a statistical sample of liquidations made against the accruals without error. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during FY 23.
The Authority partially concurs with the unsupported $285 portion of an accrual. Due to human error when reversing an accrual, the full amount was not completely removed leaving a difference of $285. However, this was limited to an accrual transaction, no funds would have been drawn and this remained an error in the accounting system. There are no funds to return to the grantor.
By questioning unliquidated expenditures based on a reasonable accrual methodology, the auditor is taking issue with the Authority’s operations rather than identifying noncompliant grant practices. The implication from the auditor’s recommendations and referenced laws and regulations is that the $3.4 million should not have been reported on the Schedule of Expenditures of Federal Awards (SEFA). However, there is no evidence these expenditures were unallowable, drawn erroneously from the grantor, or outside the period of performance. Removing the $3.4 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
To provide assurance over activities allowed, cost principles, and period of performance the auditors tested three samples:
• A sample of 58 transactions recording expenditures on the SEFA which had been paid during FY 23
• A sample of 57 liquidation transactions made against the estimated FY 23 SEFA accruals
• A judgmental sample of three transactions recorded against the 2021 SABG award
The first two samples consisted of 115 transactions and $11,662,297 and all tested without error. The third sample contained three transactions totaling $73,761 judgmentally selected from a population of 16 transactions and contained one error of $285.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee's financial statements which must include the total Federal awards expended as determined in accordance with § 75.502.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures, verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SABG only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures. Not needed for MHBG.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SABG, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2023-085 The Health Care Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-068
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds. Of this amount, the Authority passed about $58 million to subrecipients.
Federal regulations require the Authority to spend no more than 5 percent of the federal program funds on administrative costs of the grant, as well as a minimum of 20 percent of total grant funds on primary prevention programs for people who do not require treatment.
The Authority has written procedures in place to ensure it meets earmarking requirements. Authority staff run monthly reports from the agency’s accounting system to track expenditures for these requirements to ensure they are met at the time the grant closes. These reports, along with calculations to monitor these requirements, are maintained in a monthly tracking workbook. Management reviews these workbooks and sends an email to program staff to document the review.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls and did not comply with earmarking requirements for the program. The prior finding numbers were 2022-068 and 2021-056.
Description of Condition
The Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
We used a non-statistical sampling method to randomly select and examine 10 monthly tracking workbooks out of a total population of 45. We found that for six of the samples (60 percent), the workbooks were completed, but were missing the manager email confirming that they had been reviewed to ensure the tracking was being correctly calculated and monitored.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
The Authority implemented new procedures to ensure tracking workbooks were reviewed monthly by management. However, written documentation of this review was not maintained.
Effect of Condition
By not establishing adequate internal controls, the Authority cannot ensure it meets earmarking requirements.
Recommendation
We recommend the Authority improve internal controls to ensure that management review is documented and retained.
Authority’s Response
The Authority concurs with the finding. However, the Authority does not concur that the condition identified by the auditor posed a material risk to the program. Tracking workbooks were completed and reviewed throughout the entire fiscal year, however documentation of review was not maintained until December. Beginning December 2022, documentation of review was available for the remainder of the fiscal year. Any potential material noncompliance should have been detected.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-086 The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002,6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-069
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, including about $58 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Authority is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
A subaward identification form, which contains all the required reporting information, is included when the Authority creates a new SABG subaward or amendment. After it is signed by all parties, contract unit staff sends the subaward identification form through email to the behavioral health unit. Behavioral health staff review these emails and complete the report as required. There were 85 SABG subawards and amendments that were required to be reported in fiscal year 2023, totaling $45,362,623.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SABG program. The prior finding numbers were 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $45.4 million of program funds that it awarded to subrecipients through 85 new and amended subawards for the primary SABG awards. We used a non-statistical sampling method to randomly select and examine 14 of the 85 subawards and amendments, and found that four (29 percent), totaling $1.45 million, were not reported in FSRS.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority is in the process of developing written procedures to ensure the reports are submitted as required, but they were not fully implemented during the audit period.
For the subawards not reported, the contract unit did not send the subaward identification form to the behavioral health staff, so the subawards were not reported in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Establish policies and procedures for filing required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information so future reports are submitted completely and timely
Authority’s Response
HCA concurs with the findings. HCA did not have an established process to ensure that HCA’s Federal Financial Reporting section received executed subawards for FFATA reporting from HCA’s Office of Contracts and Procurement for the entirety of fiscal year 2023. The process was established in July 2022 and is currently operational. However, some subawards with a July 1 start date had been executed in the prior fiscal year before the process was established.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
2023-087 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-066
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG) program. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal SABG funds. Of this amount, the Authority passed about $58 million to 126 SABG subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Authority did not have adequate controls over and did not comply with requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding number was 2022-066.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority did not have written policies or procedures over its process for tracking subrecipients’ single audits. Furthermore, the Authority chose not to provide the tracking workbooks that we requested so we could develop and complete our compliance tests with the federal requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As stated above, Authority management chose not to provide documentation to demonstrate that the agency was compliant with federal requirements.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings.
In addition, because the Authority chose to not provide documentation needed for testing, we were unable to determine if it was compliant with federal regulations.
Recommendations
We recommend the Authority:
• Establish and follow policies and procedures to ensure subrecipients obtain required single audits
• Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the SABG program
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Provide requested documentation to auditors
Authority’s Response
Authority concurs that it needs to improve internal controls and did not fully comply federal requirements relating to single audit tracking. HCA does not concur with the other conditions noted.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
2023-084 The Health Care Authority did not have adequate internal controls to ensure payments to providers for the Block Grants for Prevention and Treatment of Substance Abuse program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $3,447,346
Prior Year Audit Finding: Yes, Finding 2022-067
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, $58 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), which is the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SABG and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards.
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SABG subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities, and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In fiscal year 2022, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SABG program were allowable and met period of performance requirements. The prior finding number was 2022-067.
Additionally, in the fiscal year 2020 and 2021 audits, we reported the Authority did not have adequate internal controls to ensure payments made under the SABG program met the period of performance requirements. The prior finding numbers were 2020-059 and 2021-057.
Description of Condition
The Authority did not have adequate internal controls to ensure payments to providers for the SABG program were allowable and met period of performance requirements.
Year-end Estimated Accruals
During the audit period, the FFR unit recorded three state fiscal year-end estimated accruals totaling $19,885,335. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $16,438,274 in liquidations processed after the state fiscal year close. We used a statistical sampling method and randomly selected and examined 54 out of a total population of 360 including three individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
Transaction Testing
We judgmentally selected and examined three out of a total population of 16 expenditures made during the SABG federal fiscal year 2021 award liquidation period. We found one (33 percent) estimated accrual that was partially unsupported to ensure the award’s period of performance requirements were met.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. In addition, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided and reimbursement requests are received.
Additionally, the Authority did not properly monitor to ensure accrual charges occurred within the award’s period of performance.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SABG expenditures reported on the Schedule of Expenditures of Federal Awards are for allowable activities and within the period of performance.
We identified $3,447,061 in known questioned costs related to estimated year-end accruals.
For the federal fiscal year 2021 award that closed during the audit period, we identified questioned costs totaling $285 for an accrued expenditure that did not have documented support showing they occurred within the award’s period of performance.
In total, we identified $3,447,346 in known federal questioned costs.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquated provider payments to specific year-end estimated accruals
• Improve its internal controls to ensure payments are within the award’s period of performance
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $3,447,061 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of FY 23 expenditures for which invoices have not been received. There are no funds associated with the $3.4 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a statistical sample of liquidations made against the accruals without error. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during FY 23.
The Authority partially concurs with the unsupported $285 portion of an accrual. Due to human error when reversing an accrual, the full amount was not completely removed leaving a difference of $285. However, this was limited to an accrual transaction, no funds would have been drawn and this remained an error in the accounting system. There are no funds to return to the grantor.
By questioning unliquidated expenditures based on a reasonable accrual methodology, the auditor is taking issue with the Authority’s operations rather than identifying noncompliant grant practices. The implication from the auditor’s recommendations and referenced laws and regulations is that the $3.4 million should not have been reported on the Schedule of Expenditures of Federal Awards (SEFA). However, there is no evidence these expenditures were unallowable, drawn erroneously from the grantor, or outside the period of performance. Removing the $3.4 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
To provide assurance over activities allowed, cost principles, and period of performance the auditors tested three samples:
• A sample of 58 transactions recording expenditures on the SEFA which had been paid during FY 23
• A sample of 57 liquidation transactions made against the estimated FY 23 SEFA accruals
• A judgmental sample of three transactions recorded against the 2021 SABG award
The first two samples consisted of 115 transactions and $11,662,297 and all tested without error. The third sample contained three transactions totaling $73,761 judgmentally selected from a population of 16 transactions and contained one error of $285.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee's financial statements which must include the total Federal awards expended as determined in accordance with § 75.502.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures, verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SABG only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures. Not needed for MHBG.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SABG, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2023-085 The Health Care Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-068
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds. Of this amount, the Authority passed about $58 million to subrecipients.
Federal regulations require the Authority to spend no more than 5 percent of the federal program funds on administrative costs of the grant, as well as a minimum of 20 percent of total grant funds on primary prevention programs for people who do not require treatment.
The Authority has written procedures in place to ensure it meets earmarking requirements. Authority staff run monthly reports from the agency’s accounting system to track expenditures for these requirements to ensure they are met at the time the grant closes. These reports, along with calculations to monitor these requirements, are maintained in a monthly tracking workbook. Management reviews these workbooks and sends an email to program staff to document the review.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls and did not comply with earmarking requirements for the program. The prior finding numbers were 2022-068 and 2021-056.
Description of Condition
The Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
We used a non-statistical sampling method to randomly select and examine 10 monthly tracking workbooks out of a total population of 45. We found that for six of the samples (60 percent), the workbooks were completed, but were missing the manager email confirming that they had been reviewed to ensure the tracking was being correctly calculated and monitored.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
The Authority implemented new procedures to ensure tracking workbooks were reviewed monthly by management. However, written documentation of this review was not maintained.
Effect of Condition
By not establishing adequate internal controls, the Authority cannot ensure it meets earmarking requirements.
Recommendation
We recommend the Authority improve internal controls to ensure that management review is documented and retained.
Authority’s Response
The Authority concurs with the finding. However, the Authority does not concur that the condition identified by the auditor posed a material risk to the program. Tracking workbooks were completed and reviewed throughout the entire fiscal year, however documentation of review was not maintained until December. Beginning December 2022, documentation of review was available for the remainder of the fiscal year. Any potential material noncompliance should have been detected.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-086 The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002,6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-069
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, including about $58 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Authority is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
A subaward identification form, which contains all the required reporting information, is included when the Authority creates a new SABG subaward or amendment. After it is signed by all parties, contract unit staff sends the subaward identification form through email to the behavioral health unit. Behavioral health staff review these emails and complete the report as required. There were 85 SABG subawards and amendments that were required to be reported in fiscal year 2023, totaling $45,362,623.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SABG program. The prior finding numbers were 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $45.4 million of program funds that it awarded to subrecipients through 85 new and amended subawards for the primary SABG awards. We used a non-statistical sampling method to randomly select and examine 14 of the 85 subawards and amendments, and found that four (29 percent), totaling $1.45 million, were not reported in FSRS.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority is in the process of developing written procedures to ensure the reports are submitted as required, but they were not fully implemented during the audit period.
For the subawards not reported, the contract unit did not send the subaward identification form to the behavioral health staff, so the subawards were not reported in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Establish policies and procedures for filing required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information so future reports are submitted completely and timely
Authority’s Response
HCA concurs with the findings. HCA did not have an established process to ensure that HCA’s Federal Financial Reporting section received executed subawards for FFATA reporting from HCA’s Office of Contracts and Procurement for the entirety of fiscal year 2023. The process was established in July 2022 and is currently operational. However, some subawards with a July 1 start date had been executed in the prior fiscal year before the process was established.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
2023-087 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-066
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG) program. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal SABG funds. Of this amount, the Authority passed about $58 million to 126 SABG subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Authority did not have adequate controls over and did not comply with requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding number was 2022-066.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority did not have written policies or procedures over its process for tracking subrecipients’ single audits. Furthermore, the Authority chose not to provide the tracking workbooks that we requested so we could develop and complete our compliance tests with the federal requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As stated above, Authority management chose not to provide documentation to demonstrate that the agency was compliant with federal requirements.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings.
In addition, because the Authority chose to not provide documentation needed for testing, we were unable to determine if it was compliant with federal regulations.
Recommendations
We recommend the Authority:
• Establish and follow policies and procedures to ensure subrecipients obtain required single audits
• Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the SABG program
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Provide requested documentation to auditors
Authority’s Response
Authority concurs that it needs to improve internal controls and did not fully comply federal requirements relating to single audit tracking. HCA does not concur with the other conditions noted.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
2023-084 The Health Care Authority did not have adequate internal controls to ensure payments to providers for the Block Grants for Prevention and Treatment of Substance Abuse program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $3,447,346
Prior Year Audit Finding: Yes, Finding 2022-067
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, $58 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), which is the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SABG and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards.
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SABG subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities, and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In fiscal year 2022, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SABG program were allowable and met period of performance requirements. The prior finding number was 2022-067.
Additionally, in the fiscal year 2020 and 2021 audits, we reported the Authority did not have adequate internal controls to ensure payments made under the SABG program met the period of performance requirements. The prior finding numbers were 2020-059 and 2021-057.
Description of Condition
The Authority did not have adequate internal controls to ensure payments to providers for the SABG program were allowable and met period of performance requirements.
Year-end Estimated Accruals
During the audit period, the FFR unit recorded three state fiscal year-end estimated accruals totaling $19,885,335. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $16,438,274 in liquidations processed after the state fiscal year close. We used a statistical sampling method and randomly selected and examined 54 out of a total population of 360 including three individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
Transaction Testing
We judgmentally selected and examined three out of a total population of 16 expenditures made during the SABG federal fiscal year 2021 award liquidation period. We found one (33 percent) estimated accrual that was partially unsupported to ensure the award’s period of performance requirements were met.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. In addition, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided and reimbursement requests are received.
Additionally, the Authority did not properly monitor to ensure accrual charges occurred within the award’s period of performance.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SABG expenditures reported on the Schedule of Expenditures of Federal Awards are for allowable activities and within the period of performance.
We identified $3,447,061 in known questioned costs related to estimated year-end accruals.
For the federal fiscal year 2021 award that closed during the audit period, we identified questioned costs totaling $285 for an accrued expenditure that did not have documented support showing they occurred within the award’s period of performance.
In total, we identified $3,447,346 in known federal questioned costs.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquated provider payments to specific year-end estimated accruals
• Improve its internal controls to ensure payments are within the award’s period of performance
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $3,447,061 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of FY 23 expenditures for which invoices have not been received. There are no funds associated with the $3.4 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a statistical sample of liquidations made against the accruals without error. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during FY 23.
The Authority partially concurs with the unsupported $285 portion of an accrual. Due to human error when reversing an accrual, the full amount was not completely removed leaving a difference of $285. However, this was limited to an accrual transaction, no funds would have been drawn and this remained an error in the accounting system. There are no funds to return to the grantor.
By questioning unliquidated expenditures based on a reasonable accrual methodology, the auditor is taking issue with the Authority’s operations rather than identifying noncompliant grant practices. The implication from the auditor’s recommendations and referenced laws and regulations is that the $3.4 million should not have been reported on the Schedule of Expenditures of Federal Awards (SEFA). However, there is no evidence these expenditures were unallowable, drawn erroneously from the grantor, or outside the period of performance. Removing the $3.4 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
To provide assurance over activities allowed, cost principles, and period of performance the auditors tested three samples:
• A sample of 58 transactions recording expenditures on the SEFA which had been paid during FY 23
• A sample of 57 liquidation transactions made against the estimated FY 23 SEFA accruals
• A judgmental sample of three transactions recorded against the 2021 SABG award
The first two samples consisted of 115 transactions and $11,662,297 and all tested without error. The third sample contained three transactions totaling $73,761 judgmentally selected from a population of 16 transactions and contained one error of $285.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee's financial statements which must include the total Federal awards expended as determined in accordance with § 75.502.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures, verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SABG only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures. Not needed for MHBG.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SABG, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2023-085 The Health Care Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-068
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds. Of this amount, the Authority passed about $58 million to subrecipients.
Federal regulations require the Authority to spend no more than 5 percent of the federal program funds on administrative costs of the grant, as well as a minimum of 20 percent of total grant funds on primary prevention programs for people who do not require treatment.
The Authority has written procedures in place to ensure it meets earmarking requirements. Authority staff run monthly reports from the agency’s accounting system to track expenditures for these requirements to ensure they are met at the time the grant closes. These reports, along with calculations to monitor these requirements, are maintained in a monthly tracking workbook. Management reviews these workbooks and sends an email to program staff to document the review.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls and did not comply with earmarking requirements for the program. The prior finding numbers were 2022-068 and 2021-056.
Description of Condition
The Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
We used a non-statistical sampling method to randomly select and examine 10 monthly tracking workbooks out of a total population of 45. We found that for six of the samples (60 percent), the workbooks were completed, but were missing the manager email confirming that they had been reviewed to ensure the tracking was being correctly calculated and monitored.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
The Authority implemented new procedures to ensure tracking workbooks were reviewed monthly by management. However, written documentation of this review was not maintained.
Effect of Condition
By not establishing adequate internal controls, the Authority cannot ensure it meets earmarking requirements.
Recommendation
We recommend the Authority improve internal controls to ensure that management review is documented and retained.
Authority’s Response
The Authority concurs with the finding. However, the Authority does not concur that the condition identified by the auditor posed a material risk to the program. Tracking workbooks were completed and reviewed throughout the entire fiscal year, however documentation of review was not maintained until December. Beginning December 2022, documentation of review was available for the remainder of the fiscal year. Any potential material noncompliance should have been detected.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-086 The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002,6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-069
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, including about $58 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Authority is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
A subaward identification form, which contains all the required reporting information, is included when the Authority creates a new SABG subaward or amendment. After it is signed by all parties, contract unit staff sends the subaward identification form through email to the behavioral health unit. Behavioral health staff review these emails and complete the report as required. There were 85 SABG subawards and amendments that were required to be reported in fiscal year 2023, totaling $45,362,623.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SABG program. The prior finding numbers were 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $45.4 million of program funds that it awarded to subrecipients through 85 new and amended subawards for the primary SABG awards. We used a non-statistical sampling method to randomly select and examine 14 of the 85 subawards and amendments, and found that four (29 percent), totaling $1.45 million, were not reported in FSRS.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority is in the process of developing written procedures to ensure the reports are submitted as required, but they were not fully implemented during the audit period.
For the subawards not reported, the contract unit did not send the subaward identification form to the behavioral health staff, so the subawards were not reported in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Establish policies and procedures for filing required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information so future reports are submitted completely and timely
Authority’s Response
HCA concurs with the findings. HCA did not have an established process to ensure that HCA’s Federal Financial Reporting section received executed subawards for FFATA reporting from HCA’s Office of Contracts and Procurement for the entirety of fiscal year 2023. The process was established in July 2022 and is currently operational. However, some subawards with a July 1 start date had been executed in the prior fiscal year before the process was established.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
2023-087 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-066
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG) program. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal SABG funds. Of this amount, the Authority passed about $58 million to 126 SABG subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Authority did not have adequate controls over and did not comply with requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding number was 2022-066.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority did not have written policies or procedures over its process for tracking subrecipients’ single audits. Furthermore, the Authority chose not to provide the tracking workbooks that we requested so we could develop and complete our compliance tests with the federal requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As stated above, Authority management chose not to provide documentation to demonstrate that the agency was compliant with federal requirements.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings.
In addition, because the Authority chose to not provide documentation needed for testing, we were unable to determine if it was compliant with federal regulations.
Recommendations
We recommend the Authority:
• Establish and follow policies and procedures to ensure subrecipients obtain required single audits
• Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the SABG program
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Provide requested documentation to auditors
Authority’s Response
Authority concurs that it needs to improve internal controls and did not fully comply federal requirements relating to single audit tracking. HCA does not concur with the other conditions noted.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
2023-084 The Health Care Authority did not have adequate internal controls to ensure payments to providers for the Block Grants for Prevention and Treatment of Substance Abuse program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $3,447,346
Prior Year Audit Finding: Yes, Finding 2022-067
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, $58 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), which is the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SABG and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards.
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SABG subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities, and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In fiscal year 2022, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SABG program were allowable and met period of performance requirements. The prior finding number was 2022-067.
Additionally, in the fiscal year 2020 and 2021 audits, we reported the Authority did not have adequate internal controls to ensure payments made under the SABG program met the period of performance requirements. The prior finding numbers were 2020-059 and 2021-057.
Description of Condition
The Authority did not have adequate internal controls to ensure payments to providers for the SABG program were allowable and met period of performance requirements.
Year-end Estimated Accruals
During the audit period, the FFR unit recorded three state fiscal year-end estimated accruals totaling $19,885,335. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $16,438,274 in liquidations processed after the state fiscal year close. We used a statistical sampling method and randomly selected and examined 54 out of a total population of 360 including three individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
Transaction Testing
We judgmentally selected and examined three out of a total population of 16 expenditures made during the SABG federal fiscal year 2021 award liquidation period. We found one (33 percent) estimated accrual that was partially unsupported to ensure the award’s period of performance requirements were met.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. In addition, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided and reimbursement requests are received.
Additionally, the Authority did not properly monitor to ensure accrual charges occurred within the award’s period of performance.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SABG expenditures reported on the Schedule of Expenditures of Federal Awards are for allowable activities and within the period of performance.
We identified $3,447,061 in known questioned costs related to estimated year-end accruals.
For the federal fiscal year 2021 award that closed during the audit period, we identified questioned costs totaling $285 for an accrued expenditure that did not have documented support showing they occurred within the award’s period of performance.
In total, we identified $3,447,346 in known federal questioned costs.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquated provider payments to specific year-end estimated accruals
• Improve its internal controls to ensure payments are within the award’s period of performance
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $3,447,061 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of FY 23 expenditures for which invoices have not been received. There are no funds associated with the $3.4 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a statistical sample of liquidations made against the accruals without error. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during FY 23.
The Authority partially concurs with the unsupported $285 portion of an accrual. Due to human error when reversing an accrual, the full amount was not completely removed leaving a difference of $285. However, this was limited to an accrual transaction, no funds would have been drawn and this remained an error in the accounting system. There are no funds to return to the grantor.
By questioning unliquidated expenditures based on a reasonable accrual methodology, the auditor is taking issue with the Authority’s operations rather than identifying noncompliant grant practices. The implication from the auditor’s recommendations and referenced laws and regulations is that the $3.4 million should not have been reported on the Schedule of Expenditures of Federal Awards (SEFA). However, there is no evidence these expenditures were unallowable, drawn erroneously from the grantor, or outside the period of performance. Removing the $3.4 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
To provide assurance over activities allowed, cost principles, and period of performance the auditors tested three samples:
• A sample of 58 transactions recording expenditures on the SEFA which had been paid during FY 23
• A sample of 57 liquidation transactions made against the estimated FY 23 SEFA accruals
• A judgmental sample of three transactions recorded against the 2021 SABG award
The first two samples consisted of 115 transactions and $11,662,297 and all tested without error. The third sample contained three transactions totaling $73,761 judgmentally selected from a population of 16 transactions and contained one error of $285.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee's financial statements which must include the total Federal awards expended as determined in accordance with § 75.502.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures, verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SABG only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures. Not needed for MHBG.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SABG, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2023-085 The Health Care Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-068
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds. Of this amount, the Authority passed about $58 million to subrecipients.
Federal regulations require the Authority to spend no more than 5 percent of the federal program funds on administrative costs of the grant, as well as a minimum of 20 percent of total grant funds on primary prevention programs for people who do not require treatment.
The Authority has written procedures in place to ensure it meets earmarking requirements. Authority staff run monthly reports from the agency’s accounting system to track expenditures for these requirements to ensure they are met at the time the grant closes. These reports, along with calculations to monitor these requirements, are maintained in a monthly tracking workbook. Management reviews these workbooks and sends an email to program staff to document the review.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls and did not comply with earmarking requirements for the program. The prior finding numbers were 2022-068 and 2021-056.
Description of Condition
The Authority did not have adequate internal controls over earmarking requirements for the Block Grants for Prevention and Treatment of Substance Abuse.
We used a non-statistical sampling method to randomly select and examine 10 monthly tracking workbooks out of a total population of 45. We found that for six of the samples (60 percent), the workbooks were completed, but were missing the manager email confirming that they had been reviewed to ensure the tracking was being correctly calculated and monitored.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
The Authority implemented new procedures to ensure tracking workbooks were reviewed monthly by management. However, written documentation of this review was not maintained.
Effect of Condition
By not establishing adequate internal controls, the Authority cannot ensure it meets earmarking requirements.
Recommendation
We recommend the Authority improve internal controls to ensure that management review is documented and retained.
Authority’s Response
The Authority concurs with the finding. However, the Authority does not concur that the condition identified by the auditor posed a material risk to the program. Tracking workbooks were completed and reviewed throughout the entire fiscal year, however documentation of review was not maintained until December. Beginning December 2022, documentation of review was available for the remainder of the fiscal year. Any potential material noncompliance should have been detected.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-086 The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Prevention and Treatment of Substance Abuse.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002,6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-069
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG). The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal program funds, including about $58 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Authority is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
A subaward identification form, which contains all the required reporting information, is included when the Authority creates a new SABG subaward or amendment. After it is signed by all parties, contract unit staff sends the subaward identification form through email to the behavioral health unit. Behavioral health staff review these emails and complete the report as required. There were 85 SABG subawards and amendments that were required to be reported in fiscal year 2023, totaling $45,362,623.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SABG program. The prior finding numbers were 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $45.4 million of program funds that it awarded to subrecipients through 85 new and amended subawards for the primary SABG awards. We used a non-statistical sampling method to randomly select and examine 14 of the 85 subawards and amendments, and found that four (29 percent), totaling $1.45 million, were not reported in FSRS.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority is in the process of developing written procedures to ensure the reports are submitted as required, but they were not fully implemented during the audit period.
For the subawards not reported, the contract unit did not send the subaward identification form to the behavioral health staff, so the subawards were not reported in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Establish policies and procedures for filing required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information so future reports are submitted completely and timely
Authority’s Response
HCA concurs with the findings. HCA did not have an established process to ensure that HCA’s Federal Financial Reporting section received executed subawards for FFATA reporting from HCA’s Office of Contracts and Procurement for the entirety of fiscal year 2023. The process was established in July 2022 and is currently operational. However, some subawards with a July 1 start date had been executed in the prior fiscal year before the process was established.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
2023-087 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Prevention and Treatment of Substance Abuse
93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 6B08TI083486-01M002, 6B08TI083486-01M003, 6B08TI083486-01M004, 1B08TI083977-01, 1B08TI083519-01, 6B08TI083519-01M001, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-066
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Prevention and Treatment of Substance Abuse (SABG) program. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2023, the Authority spent about $70.1 million in federal SABG funds. Of this amount, the Authority passed about $58 million to 126 SABG subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Authority did not have adequate controls over and did not comply with requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding number was 2022-066.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SABG program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority did not have written policies or procedures over its process for tracking subrecipients’ single audits. Furthermore, the Authority chose not to provide the tracking workbooks that we requested so we could develop and complete our compliance tests with the federal requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As stated above, Authority management chose not to provide documentation to demonstrate that the agency was compliant with federal requirements.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings.
In addition, because the Authority chose to not provide documentation needed for testing, we were unable to determine if it was compliant with federal regulations.
Recommendations
We recommend the Authority:
• Establish and follow policies and procedures to ensure subrecipients obtain required single audits
• Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the SABG program
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Provide requested documentation to auditors
Authority’s Response
Authority concurs that it needs to improve internal controls and did not fully comply federal requirements relating to single audit tracking. HCA does not concur with the other conditions noted.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
2023-011 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-34801-20-55-A-53
AA-36352-21-55-A-53
AA-38562-22-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers, and youth. In fiscal year 2023, the Department spent about $69.7 million in WIOA federal funding, including about $65 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 20 WIOA subawards and amendments that were required to be reported in fiscal year 2023, totaling $52,126,097.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act for the WIOA grant.
The Department does not have written procedures over this reporting process. During the audit period, Department officials said that management reviews the reports to ensure they are accurate and submitted timely. However, there was no documentation to demonstrate the reviews occurred.
During the audit period, the Department was required to report 20 subawards totaling about $52 million of program funds that was awarded to 12 subrecipients. We used a non-statistical sampling method to randomly select and examine seven out of the total population of 20 subawards. We found:
• Two out of seven subawards (29 percent), totaling $94,618, were not reported in FSRS.
• The other five subawards (71 percent), totaling $23,067,323, had the incorrect subaward obligation/action dates, and we were unable to determine if they were submitted timely.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have procedures in place to ensure management’s review was documented and effective, reports were retained when submitted, and FSRS login credentials were retained with staff changes. The manager responsible for reviewing this report is no longer with the Department. This person was the only staff with FSRS login credentials for the subawards we tested, so other Department officials were not able to log into the system to see when the subawards were submitted.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports timely and accurately
• Establish policies and procedures for filing reports
• Provide training for employees who prepare the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has implemented procedures to ensure reports are submitted timely, reviewed and submission dates are documented. Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-011 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-34801-20-55-A-53
AA-36352-21-55-A-53
AA-38562-22-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers, and youth. In fiscal year 2023, the Department spent about $69.7 million in WIOA federal funding, including about $65 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 20 WIOA subawards and amendments that were required to be reported in fiscal year 2023, totaling $52,126,097.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act for the WIOA grant.
The Department does not have written procedures over this reporting process. During the audit period, Department officials said that management reviews the reports to ensure they are accurate and submitted timely. However, there was no documentation to demonstrate the reviews occurred.
During the audit period, the Department was required to report 20 subawards totaling about $52 million of program funds that was awarded to 12 subrecipients. We used a non-statistical sampling method to randomly select and examine seven out of the total population of 20 subawards. We found:
• Two out of seven subawards (29 percent), totaling $94,618, were not reported in FSRS.
• The other five subawards (71 percent), totaling $23,067,323, had the incorrect subaward obligation/action dates, and we were unable to determine if they were submitted timely.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have procedures in place to ensure management’s review was documented and effective, reports were retained when submitted, and FSRS login credentials were retained with staff changes. The manager responsible for reviewing this report is no longer with the Department. This person was the only staff with FSRS login credentials for the subawards we tested, so other Department officials were not able to log into the system to see when the subawards were submitted.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports timely and accurately
• Establish policies and procedures for filing reports
• Provide training for employees who prepare the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has implemented procedures to ensure reports are submitted timely, reviewed and submission dates are documented. Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-011 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-34801-20-55-A-53
AA-36352-21-55-A-53
AA-38562-22-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers, and youth. In fiscal year 2023, the Department spent about $69.7 million in WIOA federal funding, including about $65 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 20 WIOA subawards and amendments that were required to be reported in fiscal year 2023, totaling $52,126,097.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act for the WIOA grant.
The Department does not have written procedures over this reporting process. During the audit period, Department officials said that management reviews the reports to ensure they are accurate and submitted timely. However, there was no documentation to demonstrate the reviews occurred.
During the audit period, the Department was required to report 20 subawards totaling about $52 million of program funds that was awarded to 12 subrecipients. We used a non-statistical sampling method to randomly select and examine seven out of the total population of 20 subawards. We found:
• Two out of seven subawards (29 percent), totaling $94,618, were not reported in FSRS.
• The other five subawards (71 percent), totaling $23,067,323, had the incorrect subaward obligation/action dates, and we were unable to determine if they were submitted timely.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have procedures in place to ensure management’s review was documented and effective, reports were retained when submitted, and FSRS login credentials were retained with staff changes. The manager responsible for reviewing this report is no longer with the Department. This person was the only staff with FSRS login credentials for the subawards we tested, so other Department officials were not able to log into the system to see when the subawards were submitted.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports timely and accurately
• Establish policies and procedures for filing reports
• Provide training for employees who prepare the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has implemented procedures to ensure reports are submitted timely, reviewed and submission dates are documented. Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-011 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-34801-20-55-A-53
AA-36352-21-55-A-53
AA-38562-22-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers, and youth. In fiscal year 2023, the Department spent about $69.7 million in WIOA federal funding, including about $65 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 20 WIOA subawards and amendments that were required to be reported in fiscal year 2023, totaling $52,126,097.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act for the WIOA grant.
The Department does not have written procedures over this reporting process. During the audit period, Department officials said that management reviews the reports to ensure they are accurate and submitted timely. However, there was no documentation to demonstrate the reviews occurred.
During the audit period, the Department was required to report 20 subawards totaling about $52 million of program funds that was awarded to 12 subrecipients. We used a non-statistical sampling method to randomly select and examine seven out of the total population of 20 subawards. We found:
• Two out of seven subawards (29 percent), totaling $94,618, were not reported in FSRS.
• The other five subawards (71 percent), totaling $23,067,323, had the incorrect subaward obligation/action dates, and we were unable to determine if they were submitted timely.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have procedures in place to ensure management’s review was documented and effective, reports were retained when submitted, and FSRS login credentials were retained with staff changes. The manager responsible for reviewing this report is no longer with the Department. This person was the only staff with FSRS login credentials for the subawards we tested, so other Department officials were not able to log into the system to see when the subawards were submitted.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports timely and accurately
• Establish policies and procedures for filing reports
• Provide training for employees who prepare the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has implemented procedures to ensure reports are submitted timely, reviewed and submission dates are documented. Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-034 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education–Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074-20A; H027A210074-21A; H027A220074–21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: $378,206
Prior Year Audit Finding: Yes, Finding 2022-025
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and passed about $278 million of that funding through to LEAs and educational service districts.
IDEA, Part B identifies the amount of funds the Office must distribute to its LEAs on a formula basis, as well as the amount it can set aside for administration and other state-level activities. The Office was awarded $8,433,118 for the fiscal year 2021 IDEA Preschool Grant. From this award, $2,222,340 was earmarked to be spent on state-level activities. This is split between administrative costs of up to $444,468 and other state-level activities for the remaining amount.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the program. The prior finding number was 2022-025.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the program.
During the audit period, the Office did not accurately track expenditures for administration and other state-level activities. For the life of the grant, the Office spent $2,600,340 on other state-level activities, which exceeded the maximum by $378,206. As a result, we are questioning the $378,206 as unallowable state-level costs.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Although management were aware of the required earmarks, the Office did not address identified variances in the spending plan for them. This was due in part to staff changes within the program that led to inconsistencies in tracking expenditures of the earmarked funds.
Effect of Condition and Questioned Costs
Without adequate internal controls, the Office cannot ensure that it meets the grant’s earmarking requirements. By not complying with the grant’s earmarking requirements, the Office improperly spent $378,206 on activities that exceeded the allowable earmarked amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Office:
• Improve internal controls to ensure it does not exceed the maximum allowable amounts that are earmarked for administration and other state-level activities
• Consult with the federal grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. When special education fiscal leadership transitioned in 2021, the incoming director identified necessary changes in agency procedures for closing out the fiscal year for special education. Since that time, the following internal controls have been fully implemented to ensure spending plans do not exceed the maximum allowable amounts earmarked for administration and other state-level activities:
1. At the beginning of the fiscal year, the Director of Operations/Budget Analysis meet to review the criteria for spending plans.
2. Copies of GAN and Grants to States Summary Table and Preschool Grants to States Summary Table are shared with the Budget Analysis.
3. Director of Operations/Budget Analysis meet to review the GAN and Grants to States Summary Table and Preschool Grants to States Summary Table.
4. Director of Operations/Budget Analysis meet to review spending plan and update the maximum allowable amounts earmarked for administration and other state-level activities in the spending plan.
5. Maximum allowable amounts earmarked for administration and other state-level activities are reviewed throughout the fiscal year.
6. Director of Operations/Budget Analysis meet weekly to review spending plan.
7. Spending Plan updated as requests are received.
8. Monthly expenditure reports are produced and during weekly meetings, Director of Operations/Budget Analysis review expenditures.
These internal controls have contributed to increased communication and partnership between the Director of Operations/Budget Analysis. With implementing these consistent controls, we can ensure that maximum allowable amounts that are earmarked for administration and other state-level activities will meet compliance.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 34 CFR Part 300, Assistance to States for the Education of Children with Disabilities, states in part:
Section 300.812 Reservation for State activities, states:
a. Each State may reserve not more than the amount described in paragraph (b) of this section for administration and other State-level activities in accordance with §§ 300.813 and 300.814.
b. For each fiscal year, the Secretary determined and reports to the SEA an amount that is 25% of the amount the State received under section 619 of the Act for fiscal year 1997 cumulatively adjusted by the secretary for each succeeding fiscal year by the lesser of –
1. The percentage increase, if any, from the preceding fiscal year in the State’s allocation under section 619 of the Act; or
2. The rate of inflation, as measured by the percentage increase, if any, from the preceding fiscal year in the Consumer Price Index for All Urban Consumers, published by the Bureau of Labor Statistics to the Department of Labor.
Section 300.813 State administration, states:
a. For the purpose of administering section 619 of the Act (including the coordination of activities under Part B with the Act with, and providing technical assistance to, other programs that provide services to children with disabilities), a State may use not more than 20 percent of the maximum amount the State may reserve under § 300.812 for any fiscal year.
b. Funds described in paragraph (a) of this section may also be used for the administration of Part C of the Act.
Section 300.814 Other State-level activities.
Each State must use any funds the State reserves under § 300.812 and does not use for administration under § 300.813 –
a. For support services (including establishing and implementing the mediation process required by section 615€ of the Act), which may benefit children with disabilities younger than three or older than five as long as those services also benefit children with disabilities aged three through five;
b. For direct services for children eligible for services under section 619 of the Act;
c. For activities at the State and local levels to meet the performance goals established by the State under section 612(a)(15) of the Act;
d. To supplement other funds used to develop and implement a statewide coordinated services system designed to improve results for children and families, including children with disabilities and their families, but not more than one percent of the amount received under section 619 of the Act for a fiscal year;
e. To provide early intervention services (which must include an educational component that promotes school readiness and incorporates preliteracy, language, and numeracy skills) in accordance with Part C of the Act to children with disabilities who are eligible for services under section 619 of the Act and who previously received services under Part C of the Act until such children enter, or are eligible under State law to enter, kindergarten; or
f. At the State's discretion, to continue service coordination or case management for families who receive services under Part C of the Act, consistent with § 300.814(e)
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-035 The Office of Superintendent of Public Instruction improperly charged $42,265 to the Special Education Cluster.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education–Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074-20A; H027A210074-21A; H027A220074–21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $42,265
Prior Year Audit Finding: No
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and passed about $278 million of that funding through to LEAs and educational service districts.
IDEA, Part B identified that obligations charged to the fiscal year 2021 Special Education grants must be liquidated within 120 days after the budget period ended on September 30, 2022.
Description of Condition
The Office improperly charged $42,265 to the Special Education Cluster.
We found the Office had adequate internal controls to ensure it materially complied with period of performance requirements. However, we examined two charges that were coded to the fiscal year 2021 Special Education grants after the liquidation period ended. We reviewed the supporting documentation for each expenditure to ensure it was allowable and took place during the period of performance. We found that both charges were recorded after the liquidation period for services and purchases that occurred during the period of performance.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Office staff made accounting adjustments to the fiscal year 2021 IDEA, Part B grants after the liquidation period ended, and did not request a late liquidation from the U.S Department of Education.
Effect of Condition and Questioned Costs
We identified $42,265 in questioned costs that were paid outside the program’s period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Office’s Response
OSPI has established internal controls to address allowable periods for journal vouchers (corrections). The correction cycle will be aligned with federally established liquidation periods. OSPI will communicate the corrective action plan with internal stakeholders to ensure compliance with updated process/procedures.
Internal Control Details:
• Monitor expenditures (through monthly reports) to ensure the agency stays within the allowable set-aside threshold and grant maximum
• Complete expenditure corrections within the grant liquidation period
• Liquidation is done on the last business day of January (or 120 days after the budget period ends)
• Submit late liquidation requests to the appropriate federal point of contact, as needed
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Fiscal Year 2021 Special Education Grant Award, Grant Award Notification, establishes the federal funding period for award numbers H173A200074 and H027A200074 as July 1, 2018, through September 30, 2021.
Title 20 United States Code 1225(b), Section 421(b), General Education Provisions Act, establishes that any funds that are not obligated at the end of the federal funding period shall remain available for obligation for an additional period of 12 months
2023-036 The Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074 – 20A; H027A210074 – 21A; H027A220074 – 21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-026
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specifically designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and it passed about $278 million of that funding through to LEAs and all nine educational service districts (ESDs) in the state.
Federal law requires the Office to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the terms and conditions of the subaward for determining the appropriate amount and type of subrecipient monitoring.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Office did not have adequate internal controls over requirements to perform risk assessments for the program’s subrecipients. The prior finding numbers were 2022-026 and 2021-023.
Description of Condition
The Office did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program. As a result, the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior year audit finding, the Office provided training to ESDs on the new monitoring manual for them. It also updated the ESD contracts to reflect monitoring activities that would start during the 2022–23 school year. Documentation for these monitoring activities is not required to be submitted until February 2024. Since the Office did not plan to review monitoring until March 2024, it did not perform risk assessments of any ESDs that received program funding during the audit period.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Office performs the appropriate amount of monitoring to ensure subrecipients comply with program requirements. Further, without appropriate levels of subrecipient monitoring, the Office cannot have reasonable assurance that federal requirements are being met.
Recommendation
We recommend the Office establish and follow adequate internal controls to ensure it performs the required risk assessments, which would allow management to evaluate the results, monitor subrecipients appropriately, and demonstrate compliance with federal requirements.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. In April 2022, OSPI Special Education division revised and expended the form package that Educational Service Districts (ESDs) need to submit as part of year-end reporting. Additionally, ESDs are required to respond to a services of questions and provide applicable documentation for contracts and procurement, time and effort process and reports, documentation for professional development expenditures, and year-end expenditure reports.
Based on the results from monitoring activities over year-end reporting, ESDs will be selected for additional monitoring and may be subject to an onsite visit if deemed necessary.
In March 2023 the Special Education Office finalized the Fiscal Monitoring Procedures Handbook for ESDs. The following timeline has been developed for full implementation of the corrective actions:
• ESDs are required to upload documentation by February 1, 2024.
• The Special Education Office will complete reviews of submitted documents and issue reports to ESDs by February 2024. Reports will identify any required of recommended corrective actions.
• The Special Education Office will issue final reports to ESDs within 60 calendar days after documentation review by March 2024.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-034 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education–Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074-20A; H027A210074-21A; H027A220074–21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: $378,206
Prior Year Audit Finding: Yes, Finding 2022-025
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and passed about $278 million of that funding through to LEAs and educational service districts.
IDEA, Part B identifies the amount of funds the Office must distribute to its LEAs on a formula basis, as well as the amount it can set aside for administration and other state-level activities. The Office was awarded $8,433,118 for the fiscal year 2021 IDEA Preschool Grant. From this award, $2,222,340 was earmarked to be spent on state-level activities. This is split between administrative costs of up to $444,468 and other state-level activities for the remaining amount.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the program. The prior finding number was 2022-025.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the program.
During the audit period, the Office did not accurately track expenditures for administration and other state-level activities. For the life of the grant, the Office spent $2,600,340 on other state-level activities, which exceeded the maximum by $378,206. As a result, we are questioning the $378,206 as unallowable state-level costs.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Although management were aware of the required earmarks, the Office did not address identified variances in the spending plan for them. This was due in part to staff changes within the program that led to inconsistencies in tracking expenditures of the earmarked funds.
Effect of Condition and Questioned Costs
Without adequate internal controls, the Office cannot ensure that it meets the grant’s earmarking requirements. By not complying with the grant’s earmarking requirements, the Office improperly spent $378,206 on activities that exceeded the allowable earmarked amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Office:
• Improve internal controls to ensure it does not exceed the maximum allowable amounts that are earmarked for administration and other state-level activities
• Consult with the federal grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. When special education fiscal leadership transitioned in 2021, the incoming director identified necessary changes in agency procedures for closing out the fiscal year for special education. Since that time, the following internal controls have been fully implemented to ensure spending plans do not exceed the maximum allowable amounts earmarked for administration and other state-level activities:
1. At the beginning of the fiscal year, the Director of Operations/Budget Analysis meet to review the criteria for spending plans.
2. Copies of GAN and Grants to States Summary Table and Preschool Grants to States Summary Table are shared with the Budget Analysis.
3. Director of Operations/Budget Analysis meet to review the GAN and Grants to States Summary Table and Preschool Grants to States Summary Table.
4. Director of Operations/Budget Analysis meet to review spending plan and update the maximum allowable amounts earmarked for administration and other state-level activities in the spending plan.
5. Maximum allowable amounts earmarked for administration and other state-level activities are reviewed throughout the fiscal year.
6. Director of Operations/Budget Analysis meet weekly to review spending plan.
7. Spending Plan updated as requests are received.
8. Monthly expenditure reports are produced and during weekly meetings, Director of Operations/Budget Analysis review expenditures.
These internal controls have contributed to increased communication and partnership between the Director of Operations/Budget Analysis. With implementing these consistent controls, we can ensure that maximum allowable amounts that are earmarked for administration and other state-level activities will meet compliance.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 34 CFR Part 300, Assistance to States for the Education of Children with Disabilities, states in part:
Section 300.812 Reservation for State activities, states:
a. Each State may reserve not more than the amount described in paragraph (b) of this section for administration and other State-level activities in accordance with §§ 300.813 and 300.814.
b. For each fiscal year, the Secretary determined and reports to the SEA an amount that is 25% of the amount the State received under section 619 of the Act for fiscal year 1997 cumulatively adjusted by the secretary for each succeeding fiscal year by the lesser of –
1. The percentage increase, if any, from the preceding fiscal year in the State’s allocation under section 619 of the Act; or
2. The rate of inflation, as measured by the percentage increase, if any, from the preceding fiscal year in the Consumer Price Index for All Urban Consumers, published by the Bureau of Labor Statistics to the Department of Labor.
Section 300.813 State administration, states:
a. For the purpose of administering section 619 of the Act (including the coordination of activities under Part B with the Act with, and providing technical assistance to, other programs that provide services to children with disabilities), a State may use not more than 20 percent of the maximum amount the State may reserve under § 300.812 for any fiscal year.
b. Funds described in paragraph (a) of this section may also be used for the administration of Part C of the Act.
Section 300.814 Other State-level activities.
Each State must use any funds the State reserves under § 300.812 and does not use for administration under § 300.813 –
a. For support services (including establishing and implementing the mediation process required by section 615€ of the Act), which may benefit children with disabilities younger than three or older than five as long as those services also benefit children with disabilities aged three through five;
b. For direct services for children eligible for services under section 619 of the Act;
c. For activities at the State and local levels to meet the performance goals established by the State under section 612(a)(15) of the Act;
d. To supplement other funds used to develop and implement a statewide coordinated services system designed to improve results for children and families, including children with disabilities and their families, but not more than one percent of the amount received under section 619 of the Act for a fiscal year;
e. To provide early intervention services (which must include an educational component that promotes school readiness and incorporates preliteracy, language, and numeracy skills) in accordance with Part C of the Act to children with disabilities who are eligible for services under section 619 of the Act and who previously received services under Part C of the Act until such children enter, or are eligible under State law to enter, kindergarten; or
f. At the State's discretion, to continue service coordination or case management for families who receive services under Part C of the Act, consistent with § 300.814(e)
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-035 The Office of Superintendent of Public Instruction improperly charged $42,265 to the Special Education Cluster.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education–Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074-20A; H027A210074-21A; H027A220074–21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $42,265
Prior Year Audit Finding: No
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and passed about $278 million of that funding through to LEAs and educational service districts.
IDEA, Part B identified that obligations charged to the fiscal year 2021 Special Education grants must be liquidated within 120 days after the budget period ended on September 30, 2022.
Description of Condition
The Office improperly charged $42,265 to the Special Education Cluster.
We found the Office had adequate internal controls to ensure it materially complied with period of performance requirements. However, we examined two charges that were coded to the fiscal year 2021 Special Education grants after the liquidation period ended. We reviewed the supporting documentation for each expenditure to ensure it was allowable and took place during the period of performance. We found that both charges were recorded after the liquidation period for services and purchases that occurred during the period of performance.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Office staff made accounting adjustments to the fiscal year 2021 IDEA, Part B grants after the liquidation period ended, and did not request a late liquidation from the U.S Department of Education.
Effect of Condition and Questioned Costs
We identified $42,265 in questioned costs that were paid outside the program’s period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Office’s Response
OSPI has established internal controls to address allowable periods for journal vouchers (corrections). The correction cycle will be aligned with federally established liquidation periods. OSPI will communicate the corrective action plan with internal stakeholders to ensure compliance with updated process/procedures.
Internal Control Details:
• Monitor expenditures (through monthly reports) to ensure the agency stays within the allowable set-aside threshold and grant maximum
• Complete expenditure corrections within the grant liquidation period
• Liquidation is done on the last business day of January (or 120 days after the budget period ends)
• Submit late liquidation requests to the appropriate federal point of contact, as needed
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Fiscal Year 2021 Special Education Grant Award, Grant Award Notification, establishes the federal funding period for award numbers H173A200074 and H027A200074 as July 1, 2018, through September 30, 2021.
Title 20 United States Code 1225(b), Section 421(b), General Education Provisions Act, establishes that any funds that are not obligated at the end of the federal funding period shall remain available for obligation for an additional period of 12 months
2023-036 The Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074 – 20A; H027A210074 – 21A; H027A220074 – 21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-026
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specifically designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and it passed about $278 million of that funding through to LEAs and all nine educational service districts (ESDs) in the state.
Federal law requires the Office to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the terms and conditions of the subaward for determining the appropriate amount and type of subrecipient monitoring.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Office did not have adequate internal controls over requirements to perform risk assessments for the program’s subrecipients. The prior finding numbers were 2022-026 and 2021-023.
Description of Condition
The Office did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program. As a result, the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior year audit finding, the Office provided training to ESDs on the new monitoring manual for them. It also updated the ESD contracts to reflect monitoring activities that would start during the 2022–23 school year. Documentation for these monitoring activities is not required to be submitted until February 2024. Since the Office did not plan to review monitoring until March 2024, it did not perform risk assessments of any ESDs that received program funding during the audit period.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Office performs the appropriate amount of monitoring to ensure subrecipients comply with program requirements. Further, without appropriate levels of subrecipient monitoring, the Office cannot have reasonable assurance that federal requirements are being met.
Recommendation
We recommend the Office establish and follow adequate internal controls to ensure it performs the required risk assessments, which would allow management to evaluate the results, monitor subrecipients appropriately, and demonstrate compliance with federal requirements.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. In April 2022, OSPI Special Education division revised and expended the form package that Educational Service Districts (ESDs) need to submit as part of year-end reporting. Additionally, ESDs are required to respond to a services of questions and provide applicable documentation for contracts and procurement, time and effort process and reports, documentation for professional development expenditures, and year-end expenditure reports.
Based on the results from monitoring activities over year-end reporting, ESDs will be selected for additional monitoring and may be subject to an onsite visit if deemed necessary.
In March 2023 the Special Education Office finalized the Fiscal Monitoring Procedures Handbook for ESDs. The following timeline has been developed for full implementation of the corrective actions:
• ESDs are required to upload documentation by February 1, 2024.
• The Special Education Office will complete reviews of submitted documents and issue reports to ESDs by February 2024. Reports will identify any required of recommended corrective actions.
• The Special Education Office will issue final reports to ESDs within 60 calendar days after documentation review by March 2024.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-034 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education–Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074-20A; H027A210074-21A; H027A220074–21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: $378,206
Prior Year Audit Finding: Yes, Finding 2022-025
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and passed about $278 million of that funding through to LEAs and educational service districts.
IDEA, Part B identifies the amount of funds the Office must distribute to its LEAs on a formula basis, as well as the amount it can set aside for administration and other state-level activities. The Office was awarded $8,433,118 for the fiscal year 2021 IDEA Preschool Grant. From this award, $2,222,340 was earmarked to be spent on state-level activities. This is split between administrative costs of up to $444,468 and other state-level activities for the remaining amount.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the program. The prior finding number was 2022-025.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the program.
During the audit period, the Office did not accurately track expenditures for administration and other state-level activities. For the life of the grant, the Office spent $2,600,340 on other state-level activities, which exceeded the maximum by $378,206. As a result, we are questioning the $378,206 as unallowable state-level costs.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Although management were aware of the required earmarks, the Office did not address identified variances in the spending plan for them. This was due in part to staff changes within the program that led to inconsistencies in tracking expenditures of the earmarked funds.
Effect of Condition and Questioned Costs
Without adequate internal controls, the Office cannot ensure that it meets the grant’s earmarking requirements. By not complying with the grant’s earmarking requirements, the Office improperly spent $378,206 on activities that exceeded the allowable earmarked amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Office:
• Improve internal controls to ensure it does not exceed the maximum allowable amounts that are earmarked for administration and other state-level activities
• Consult with the federal grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. When special education fiscal leadership transitioned in 2021, the incoming director identified necessary changes in agency procedures for closing out the fiscal year for special education. Since that time, the following internal controls have been fully implemented to ensure spending plans do not exceed the maximum allowable amounts earmarked for administration and other state-level activities:
1. At the beginning of the fiscal year, the Director of Operations/Budget Analysis meet to review the criteria for spending plans.
2. Copies of GAN and Grants to States Summary Table and Preschool Grants to States Summary Table are shared with the Budget Analysis.
3. Director of Operations/Budget Analysis meet to review the GAN and Grants to States Summary Table and Preschool Grants to States Summary Table.
4. Director of Operations/Budget Analysis meet to review spending plan and update the maximum allowable amounts earmarked for administration and other state-level activities in the spending plan.
5. Maximum allowable amounts earmarked for administration and other state-level activities are reviewed throughout the fiscal year.
6. Director of Operations/Budget Analysis meet weekly to review spending plan.
7. Spending Plan updated as requests are received.
8. Monthly expenditure reports are produced and during weekly meetings, Director of Operations/Budget Analysis review expenditures.
These internal controls have contributed to increased communication and partnership between the Director of Operations/Budget Analysis. With implementing these consistent controls, we can ensure that maximum allowable amounts that are earmarked for administration and other state-level activities will meet compliance.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 34 CFR Part 300, Assistance to States for the Education of Children with Disabilities, states in part:
Section 300.812 Reservation for State activities, states:
a. Each State may reserve not more than the amount described in paragraph (b) of this section for administration and other State-level activities in accordance with §§ 300.813 and 300.814.
b. For each fiscal year, the Secretary determined and reports to the SEA an amount that is 25% of the amount the State received under section 619 of the Act for fiscal year 1997 cumulatively adjusted by the secretary for each succeeding fiscal year by the lesser of –
1. The percentage increase, if any, from the preceding fiscal year in the State’s allocation under section 619 of the Act; or
2. The rate of inflation, as measured by the percentage increase, if any, from the preceding fiscal year in the Consumer Price Index for All Urban Consumers, published by the Bureau of Labor Statistics to the Department of Labor.
Section 300.813 State administration, states:
a. For the purpose of administering section 619 of the Act (including the coordination of activities under Part B with the Act with, and providing technical assistance to, other programs that provide services to children with disabilities), a State may use not more than 20 percent of the maximum amount the State may reserve under § 300.812 for any fiscal year.
b. Funds described in paragraph (a) of this section may also be used for the administration of Part C of the Act.
Section 300.814 Other State-level activities.
Each State must use any funds the State reserves under § 300.812 and does not use for administration under § 300.813 –
a. For support services (including establishing and implementing the mediation process required by section 615€ of the Act), which may benefit children with disabilities younger than three or older than five as long as those services also benefit children with disabilities aged three through five;
b. For direct services for children eligible for services under section 619 of the Act;
c. For activities at the State and local levels to meet the performance goals established by the State under section 612(a)(15) of the Act;
d. To supplement other funds used to develop and implement a statewide coordinated services system designed to improve results for children and families, including children with disabilities and their families, but not more than one percent of the amount received under section 619 of the Act for a fiscal year;
e. To provide early intervention services (which must include an educational component that promotes school readiness and incorporates preliteracy, language, and numeracy skills) in accordance with Part C of the Act to children with disabilities who are eligible for services under section 619 of the Act and who previously received services under Part C of the Act until such children enter, or are eligible under State law to enter, kindergarten; or
f. At the State's discretion, to continue service coordination or case management for families who receive services under Part C of the Act, consistent with § 300.814(e)
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-035 The Office of Superintendent of Public Instruction improperly charged $42,265 to the Special Education Cluster.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education–Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074-20A; H027A210074-21A; H027A220074–21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $42,265
Prior Year Audit Finding: No
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and passed about $278 million of that funding through to LEAs and educational service districts.
IDEA, Part B identified that obligations charged to the fiscal year 2021 Special Education grants must be liquidated within 120 days after the budget period ended on September 30, 2022.
Description of Condition
The Office improperly charged $42,265 to the Special Education Cluster.
We found the Office had adequate internal controls to ensure it materially complied with period of performance requirements. However, we examined two charges that were coded to the fiscal year 2021 Special Education grants after the liquidation period ended. We reviewed the supporting documentation for each expenditure to ensure it was allowable and took place during the period of performance. We found that both charges were recorded after the liquidation period for services and purchases that occurred during the period of performance.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Office staff made accounting adjustments to the fiscal year 2021 IDEA, Part B grants after the liquidation period ended, and did not request a late liquidation from the U.S Department of Education.
Effect of Condition and Questioned Costs
We identified $42,265 in questioned costs that were paid outside the program’s period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Office’s Response
OSPI has established internal controls to address allowable periods for journal vouchers (corrections). The correction cycle will be aligned with federally established liquidation periods. OSPI will communicate the corrective action plan with internal stakeholders to ensure compliance with updated process/procedures.
Internal Control Details:
• Monitor expenditures (through monthly reports) to ensure the agency stays within the allowable set-aside threshold and grant maximum
• Complete expenditure corrections within the grant liquidation period
• Liquidation is done on the last business day of January (or 120 days after the budget period ends)
• Submit late liquidation requests to the appropriate federal point of contact, as needed
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Fiscal Year 2021 Special Education Grant Award, Grant Award Notification, establishes the federal funding period for award numbers H173A200074 and H027A200074 as July 1, 2018, through September 30, 2021.
Title 20 United States Code 1225(b), Section 421(b), General Education Provisions Act, establishes that any funds that are not obligated at the end of the federal funding period shall remain available for obligation for an additional period of 12 months
2023-036 The Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074 – 20A; H027A210074 – 21A; H027A220074 – 21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-026
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specifically designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and it passed about $278 million of that funding through to LEAs and all nine educational service districts (ESDs) in the state.
Federal law requires the Office to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the terms and conditions of the subaward for determining the appropriate amount and type of subrecipient monitoring.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Office did not have adequate internal controls over requirements to perform risk assessments for the program’s subrecipients. The prior finding numbers were 2022-026 and 2021-023.
Description of Condition
The Office did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program. As a result, the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior year audit finding, the Office provided training to ESDs on the new monitoring manual for them. It also updated the ESD contracts to reflect monitoring activities that would start during the 2022–23 school year. Documentation for these monitoring activities is not required to be submitted until February 2024. Since the Office did not plan to review monitoring until March 2024, it did not perform risk assessments of any ESDs that received program funding during the audit period.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Office performs the appropriate amount of monitoring to ensure subrecipients comply with program requirements. Further, without appropriate levels of subrecipient monitoring, the Office cannot have reasonable assurance that federal requirements are being met.
Recommendation
We recommend the Office establish and follow adequate internal controls to ensure it performs the required risk assessments, which would allow management to evaluate the results, monitor subrecipients appropriately, and demonstrate compliance with federal requirements.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. In April 2022, OSPI Special Education division revised and expended the form package that Educational Service Districts (ESDs) need to submit as part of year-end reporting. Additionally, ESDs are required to respond to a services of questions and provide applicable documentation for contracts and procurement, time and effort process and reports, documentation for professional development expenditures, and year-end expenditure reports.
Based on the results from monitoring activities over year-end reporting, ESDs will be selected for additional monitoring and may be subject to an onsite visit if deemed necessary.
In March 2023 the Special Education Office finalized the Fiscal Monitoring Procedures Handbook for ESDs. The following timeline has been developed for full implementation of the corrective actions:
• ESDs are required to upload documentation by February 1, 2024.
• The Special Education Office will complete reviews of submitted documents and issue reports to ESDs by February 2024. Reports will identify any required of recommended corrective actions.
• The Special Education Office will issue final reports to ESDs within 60 calendar days after documentation review by March 2024.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-034 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education–Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074-20A; H027A210074-21A; H027A220074–21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: $378,206
Prior Year Audit Finding: Yes, Finding 2022-025
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and passed about $278 million of that funding through to LEAs and educational service districts.
IDEA, Part B identifies the amount of funds the Office must distribute to its LEAs on a formula basis, as well as the amount it can set aside for administration and other state-level activities. The Office was awarded $8,433,118 for the fiscal year 2021 IDEA Preschool Grant. From this award, $2,222,340 was earmarked to be spent on state-level activities. This is split between administrative costs of up to $444,468 and other state-level activities for the remaining amount.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the program. The prior finding number was 2022-025.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure it met the earmarking requirements for the program.
During the audit period, the Office did not accurately track expenditures for administration and other state-level activities. For the life of the grant, the Office spent $2,600,340 on other state-level activities, which exceeded the maximum by $378,206. As a result, we are questioning the $378,206 as unallowable state-level costs.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Although management were aware of the required earmarks, the Office did not address identified variances in the spending plan for them. This was due in part to staff changes within the program that led to inconsistencies in tracking expenditures of the earmarked funds.
Effect of Condition and Questioned Costs
Without adequate internal controls, the Office cannot ensure that it meets the grant’s earmarking requirements. By not complying with the grant’s earmarking requirements, the Office improperly spent $378,206 on activities that exceeded the allowable earmarked amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Office:
• Improve internal controls to ensure it does not exceed the maximum allowable amounts that are earmarked for administration and other state-level activities
• Consult with the federal grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. When special education fiscal leadership transitioned in 2021, the incoming director identified necessary changes in agency procedures for closing out the fiscal year for special education. Since that time, the following internal controls have been fully implemented to ensure spending plans do not exceed the maximum allowable amounts earmarked for administration and other state-level activities:
1. At the beginning of the fiscal year, the Director of Operations/Budget Analysis meet to review the criteria for spending plans.
2. Copies of GAN and Grants to States Summary Table and Preschool Grants to States Summary Table are shared with the Budget Analysis.
3. Director of Operations/Budget Analysis meet to review the GAN and Grants to States Summary Table and Preschool Grants to States Summary Table.
4. Director of Operations/Budget Analysis meet to review spending plan and update the maximum allowable amounts earmarked for administration and other state-level activities in the spending plan.
5. Maximum allowable amounts earmarked for administration and other state-level activities are reviewed throughout the fiscal year.
6. Director of Operations/Budget Analysis meet weekly to review spending plan.
7. Spending Plan updated as requests are received.
8. Monthly expenditure reports are produced and during weekly meetings, Director of Operations/Budget Analysis review expenditures.
These internal controls have contributed to increased communication and partnership between the Director of Operations/Budget Analysis. With implementing these consistent controls, we can ensure that maximum allowable amounts that are earmarked for administration and other state-level activities will meet compliance.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 34 CFR Part 300, Assistance to States for the Education of Children with Disabilities, states in part:
Section 300.812 Reservation for State activities, states:
a. Each State may reserve not more than the amount described in paragraph (b) of this section for administration and other State-level activities in accordance with §§ 300.813 and 300.814.
b. For each fiscal year, the Secretary determined and reports to the SEA an amount that is 25% of the amount the State received under section 619 of the Act for fiscal year 1997 cumulatively adjusted by the secretary for each succeeding fiscal year by the lesser of –
1. The percentage increase, if any, from the preceding fiscal year in the State’s allocation under section 619 of the Act; or
2. The rate of inflation, as measured by the percentage increase, if any, from the preceding fiscal year in the Consumer Price Index for All Urban Consumers, published by the Bureau of Labor Statistics to the Department of Labor.
Section 300.813 State administration, states:
a. For the purpose of administering section 619 of the Act (including the coordination of activities under Part B with the Act with, and providing technical assistance to, other programs that provide services to children with disabilities), a State may use not more than 20 percent of the maximum amount the State may reserve under § 300.812 for any fiscal year.
b. Funds described in paragraph (a) of this section may also be used for the administration of Part C of the Act.
Section 300.814 Other State-level activities.
Each State must use any funds the State reserves under § 300.812 and does not use for administration under § 300.813 –
a. For support services (including establishing and implementing the mediation process required by section 615€ of the Act), which may benefit children with disabilities younger than three or older than five as long as those services also benefit children with disabilities aged three through five;
b. For direct services for children eligible for services under section 619 of the Act;
c. For activities at the State and local levels to meet the performance goals established by the State under section 612(a)(15) of the Act;
d. To supplement other funds used to develop and implement a statewide coordinated services system designed to improve results for children and families, including children with disabilities and their families, but not more than one percent of the amount received under section 619 of the Act for a fiscal year;
e. To provide early intervention services (which must include an educational component that promotes school readiness and incorporates preliteracy, language, and numeracy skills) in accordance with Part C of the Act to children with disabilities who are eligible for services under section 619 of the Act and who previously received services under Part C of the Act until such children enter, or are eligible under State law to enter, kindergarten; or
f. At the State's discretion, to continue service coordination or case management for families who receive services under Part C of the Act, consistent with § 300.814(e)
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-035 The Office of Superintendent of Public Instruction improperly charged $42,265 to the Special Education Cluster.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education–Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074-20A; H027A210074-21A; H027A220074–21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $42,265
Prior Year Audit Finding: No
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and passed about $278 million of that funding through to LEAs and educational service districts.
IDEA, Part B identified that obligations charged to the fiscal year 2021 Special Education grants must be liquidated within 120 days after the budget period ended on September 30, 2022.
Description of Condition
The Office improperly charged $42,265 to the Special Education Cluster.
We found the Office had adequate internal controls to ensure it materially complied with period of performance requirements. However, we examined two charges that were coded to the fiscal year 2021 Special Education grants after the liquidation period ended. We reviewed the supporting documentation for each expenditure to ensure it was allowable and took place during the period of performance. We found that both charges were recorded after the liquidation period for services and purchases that occurred during the period of performance.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Office staff made accounting adjustments to the fiscal year 2021 IDEA, Part B grants after the liquidation period ended, and did not request a late liquidation from the U.S Department of Education.
Effect of Condition and Questioned Costs
We identified $42,265 in questioned costs that were paid outside the program’s period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Office’s Response
OSPI has established internal controls to address allowable periods for journal vouchers (corrections). The correction cycle will be aligned with federally established liquidation periods. OSPI will communicate the corrective action plan with internal stakeholders to ensure compliance with updated process/procedures.
Internal Control Details:
• Monitor expenditures (through monthly reports) to ensure the agency stays within the allowable set-aside threshold and grant maximum
• Complete expenditure corrections within the grant liquidation period
• Liquidation is done on the last business day of January (or 120 days after the budget period ends)
• Submit late liquidation requests to the appropriate federal point of contact, as needed
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Fiscal Year 2021 Special Education Grant Award, Grant Award Notification, establishes the federal funding period for award numbers H173A200074 and H027A200074 as July 1, 2018, through September 30, 2021.
Title 20 United States Code 1225(b), Section 421(b), General Education Provisions Act, establishes that any funds that are not obligated at the end of the federal funding period shall remain available for obligation for an additional period of 12 months
2023-036 The Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to States (IDEA, Part B)
84.027 COVID-19 Special Education Grants to States (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education–Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A200074 – 20A; H027A210074 – 21A; H027A220074 – 21A; H027X210074; H173A200074; H173A210074; H173A220074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-026
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specifically designed instruction that addresses students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $282 million in federal IDEA grant funds during fiscal year 2023, and it passed about $278 million of that funding through to LEAs and all nine educational service districts (ESDs) in the state.
Federal law requires the Office to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the terms and conditions of the subaward for determining the appropriate amount and type of subrecipient monitoring.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Office did not have adequate internal controls over requirements to perform risk assessments for the program’s subrecipients. The prior finding numbers were 2022-026 and 2021-023.
Description of Condition
The Office did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program. As a result, the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior year audit finding, the Office provided training to ESDs on the new monitoring manual for them. It also updated the ESD contracts to reflect monitoring activities that would start during the 2022–23 school year. Documentation for these monitoring activities is not required to be submitted until February 2024. Since the Office did not plan to review monitoring until March 2024, it did not perform risk assessments of any ESDs that received program funding during the audit period.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Office performs the appropriate amount of monitoring to ensure subrecipients comply with program requirements. Further, without appropriate levels of subrecipient monitoring, the Office cannot have reasonable assurance that federal requirements are being met.
Recommendation
We recommend the Office establish and follow adequate internal controls to ensure it performs the required risk assessments, which would allow management to evaluate the results, monitor subrecipients appropriately, and demonstrate compliance with federal requirements.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. In April 2022, OSPI Special Education division revised and expended the form package that Educational Service Districts (ESDs) need to submit as part of year-end reporting. Additionally, ESDs are required to respond to a services of questions and provide applicable documentation for contracts and procurement, time and effort process and reports, documentation for professional development expenditures, and year-end expenditure reports.
Based on the results from monitoring activities over year-end reporting, ESDs will be selected for additional monitoring and may be subject to an onsite visit if deemed necessary.
In March 2023 the Special Education Office finalized the Fiscal Monitoring Procedures Handbook for ESDs. The following timeline has been developed for full implementation of the corrective actions:
• ESDs are required to upload documentation by February 1, 2024.
• The Special Education Office will complete reviews of submitted documents and issue reports to ESDs by February 2024. Reports will identify any required of recommended corrective actions.
• The Special Education Office will issue final reports to ESDs within 60 calendar days after documentation review by March 2024.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-039 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 area agencies on aging (AAAs).
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as result, reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 93 subawards and amendments totaling $216,486,694 that it was required to report in fiscal year 2023.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not enter the information required for reporting into the tracking spreadsheet when subawards and subaward amendments were executed, and the Department did not report any subawards in FSRS during fiscal year 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had procedures in place to ensure subawards and amendments were reported in FSRS. However, due to management turnover throughout the fiscal year, staff did not enter subawards and amendments into the tracking spreadsheet, and did not report any of the subawards in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it accurately reports all first-tier subawards of $30,000 or more in FSRS by the federal deadlines.
Department’s Response
The Department agrees with the finding.
Due to management and fiscal staff turnover throughout the fiscal year, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts was entered.
By January 31, 2024, FFATA reports for FFY2024 Older Americans Act (OAA) funded contracts, executed in December 2023, will be entered in FSRS to meet the 30-day reporting requirement.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By Feb 1, 2024, the Office Chief or designee will review the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Department will work with the Administration of Community Living to develop a plan to address the FFATA reporting backlog that exists between SFY22-SFY23 for OAA grants to ensure all FFATA reports are entered in FSRS for all previous years by June 30, 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-040 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title, and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipient so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster programs.
We used a non-statistical sampling method to randomly select and examine six of 13 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all six subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity, and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, the Department neglected to communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it has adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by federal law.
Department’s Response
The Department agrees with this finding.
The Department receives Notices of Award (NOA) from the Administration of Community Living 3-4 times per award in partial amounts. To reduce the time and effort it takes to issue subaward amendments to 13 Area Agency on Aging (AAA), the Department decided to post NOAs on the Intranet used to communicate Management Bulletins and other documents to AAAs to make the process more efficient. Unfortunately, the Department did not update subaward language to outline this change in the process.
Effective July 31, 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, will be included for each funding source in the initial subaward as an Exhibit D. Language will be added to the subaward informing Area Agency on Aging that the future NOAs will be posted on the intranet. In addition, the fiscal staff assigned will inform all AAA fiscal staff when new NOAs are posted via e-mail. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-041 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
The Department had processes in place to monitor that subrecipients obtained single audits. To monitor compliance with these requirements, the Department used Excel spreadsheets to track subrecipients’ single audits. During the audit period, however, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due, and did not verify the single audit report had been submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
We used a non-statistical sampling method to randomly select and examine six out of a total population of 13 AAAs, as well as two additional AAAs that were individually significant, to verify whether they had obtained single audits. We found four AAAs did not obtain and submit a single audit by the required deadlines, and there was no evidence that the Department communicated with the AAAs when the reports were late. During our testing, we found three AAAs eventually submitted their single audit reports after the due date. We also found one AAA has not submitted the required single audit report.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Due to management turnover throughout the fiscal year, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendations
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department agrees with the finding.
The Federal Compliance Manager position was vacant from April 2021 to April 2022 and once the position was filled the priority was to catch up on monitoring, reviewing area plans and cost allocations submitted by the Area Agency on Aging (AAA). It was for that reason that tracking whether the Department’s subrecipients obtained and submitted their required single audits was not completed during the audit period. The two AAAs that did not submit single audits were contacted in January 2024 and remediation of the audit exceptions are underway.
Effective March 31, 2024, the Single Monitor Tracking Sheet will be updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, and when a management letter is sent and the AAA responses.
By July 1, 2024, a reminder process will be implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in Tracker.
The AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-039 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 area agencies on aging (AAAs).
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as result, reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 93 subawards and amendments totaling $216,486,694 that it was required to report in fiscal year 2023.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not enter the information required for reporting into the tracking spreadsheet when subawards and subaward amendments were executed, and the Department did not report any subawards in FSRS during fiscal year 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had procedures in place to ensure subawards and amendments were reported in FSRS. However, due to management turnover throughout the fiscal year, staff did not enter subawards and amendments into the tracking spreadsheet, and did not report any of the subawards in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it accurately reports all first-tier subawards of $30,000 or more in FSRS by the federal deadlines.
Department’s Response
The Department agrees with the finding.
Due to management and fiscal staff turnover throughout the fiscal year, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts was entered.
By January 31, 2024, FFATA reports for FFY2024 Older Americans Act (OAA) funded contracts, executed in December 2023, will be entered in FSRS to meet the 30-day reporting requirement.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By Feb 1, 2024, the Office Chief or designee will review the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Department will work with the Administration of Community Living to develop a plan to address the FFATA reporting backlog that exists between SFY22-SFY23 for OAA grants to ensure all FFATA reports are entered in FSRS for all previous years by June 30, 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-040 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title, and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipient so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster programs.
We used a non-statistical sampling method to randomly select and examine six of 13 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all six subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity, and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, the Department neglected to communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it has adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by federal law.
Department’s Response
The Department agrees with this finding.
The Department receives Notices of Award (NOA) from the Administration of Community Living 3-4 times per award in partial amounts. To reduce the time and effort it takes to issue subaward amendments to 13 Area Agency on Aging (AAA), the Department decided to post NOAs on the Intranet used to communicate Management Bulletins and other documents to AAAs to make the process more efficient. Unfortunately, the Department did not update subaward language to outline this change in the process.
Effective July 31, 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, will be included for each funding source in the initial subaward as an Exhibit D. Language will be added to the subaward informing Area Agency on Aging that the future NOAs will be posted on the intranet. In addition, the fiscal staff assigned will inform all AAA fiscal staff when new NOAs are posted via e-mail. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-041 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
The Department had processes in place to monitor that subrecipients obtained single audits. To monitor compliance with these requirements, the Department used Excel spreadsheets to track subrecipients’ single audits. During the audit period, however, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due, and did not verify the single audit report had been submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
We used a non-statistical sampling method to randomly select and examine six out of a total population of 13 AAAs, as well as two additional AAAs that were individually significant, to verify whether they had obtained single audits. We found four AAAs did not obtain and submit a single audit by the required deadlines, and there was no evidence that the Department communicated with the AAAs when the reports were late. During our testing, we found three AAAs eventually submitted their single audit reports after the due date. We also found one AAA has not submitted the required single audit report.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Due to management turnover throughout the fiscal year, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendations
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department agrees with the finding.
The Federal Compliance Manager position was vacant from April 2021 to April 2022 and once the position was filled the priority was to catch up on monitoring, reviewing area plans and cost allocations submitted by the Area Agency on Aging (AAA). It was for that reason that tracking whether the Department’s subrecipients obtained and submitted their required single audits was not completed during the audit period. The two AAAs that did not submit single audits were contacted in January 2024 and remediation of the audit exceptions are underway.
Effective March 31, 2024, the Single Monitor Tracking Sheet will be updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, and when a management letter is sent and the AAA responses.
By July 1, 2024, a reminder process will be implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in Tracker.
The AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-039 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 area agencies on aging (AAAs).
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as result, reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 93 subawards and amendments totaling $216,486,694 that it was required to report in fiscal year 2023.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not enter the information required for reporting into the tracking spreadsheet when subawards and subaward amendments were executed, and the Department did not report any subawards in FSRS during fiscal year 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had procedures in place to ensure subawards and amendments were reported in FSRS. However, due to management turnover throughout the fiscal year, staff did not enter subawards and amendments into the tracking spreadsheet, and did not report any of the subawards in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it accurately reports all first-tier subawards of $30,000 or more in FSRS by the federal deadlines.
Department’s Response
The Department agrees with the finding.
Due to management and fiscal staff turnover throughout the fiscal year, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts was entered.
By January 31, 2024, FFATA reports for FFY2024 Older Americans Act (OAA) funded contracts, executed in December 2023, will be entered in FSRS to meet the 30-day reporting requirement.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By Feb 1, 2024, the Office Chief or designee will review the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Department will work with the Administration of Community Living to develop a plan to address the FFATA reporting backlog that exists between SFY22-SFY23 for OAA grants to ensure all FFATA reports are entered in FSRS for all previous years by June 30, 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-040 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title, and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipient so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster programs.
We used a non-statistical sampling method to randomly select and examine six of 13 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all six subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity, and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, the Department neglected to communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it has adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by federal law.
Department’s Response
The Department agrees with this finding.
The Department receives Notices of Award (NOA) from the Administration of Community Living 3-4 times per award in partial amounts. To reduce the time and effort it takes to issue subaward amendments to 13 Area Agency on Aging (AAA), the Department decided to post NOAs on the Intranet used to communicate Management Bulletins and other documents to AAAs to make the process more efficient. Unfortunately, the Department did not update subaward language to outline this change in the process.
Effective July 31, 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, will be included for each funding source in the initial subaward as an Exhibit D. Language will be added to the subaward informing Area Agency on Aging that the future NOAs will be posted on the intranet. In addition, the fiscal staff assigned will inform all AAA fiscal staff when new NOAs are posted via e-mail. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-041 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
The Department had processes in place to monitor that subrecipients obtained single audits. To monitor compliance with these requirements, the Department used Excel spreadsheets to track subrecipients’ single audits. During the audit period, however, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due, and did not verify the single audit report had been submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
We used a non-statistical sampling method to randomly select and examine six out of a total population of 13 AAAs, as well as two additional AAAs that were individually significant, to verify whether they had obtained single audits. We found four AAAs did not obtain and submit a single audit by the required deadlines, and there was no evidence that the Department communicated with the AAAs when the reports were late. During our testing, we found three AAAs eventually submitted their single audit reports after the due date. We also found one AAA has not submitted the required single audit report.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Due to management turnover throughout the fiscal year, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendations
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department agrees with the finding.
The Federal Compliance Manager position was vacant from April 2021 to April 2022 and once the position was filled the priority was to catch up on monitoring, reviewing area plans and cost allocations submitted by the Area Agency on Aging (AAA). It was for that reason that tracking whether the Department’s subrecipients obtained and submitted their required single audits was not completed during the audit period. The two AAAs that did not submit single audits were contacted in January 2024 and remediation of the audit exceptions are underway.
Effective March 31, 2024, the Single Monitor Tracking Sheet will be updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, and when a management letter is sent and the AAA responses.
By July 1, 2024, a reminder process will be implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in Tracker.
The AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-039 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 area agencies on aging (AAAs).
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as result, reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 93 subawards and amendments totaling $216,486,694 that it was required to report in fiscal year 2023.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not enter the information required for reporting into the tracking spreadsheet when subawards and subaward amendments were executed, and the Department did not report any subawards in FSRS during fiscal year 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had procedures in place to ensure subawards and amendments were reported in FSRS. However, due to management turnover throughout the fiscal year, staff did not enter subawards and amendments into the tracking spreadsheet, and did not report any of the subawards in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it accurately reports all first-tier subawards of $30,000 or more in FSRS by the federal deadlines.
Department’s Response
The Department agrees with the finding.
Due to management and fiscal staff turnover throughout the fiscal year, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts was entered.
By January 31, 2024, FFATA reports for FFY2024 Older Americans Act (OAA) funded contracts, executed in December 2023, will be entered in FSRS to meet the 30-day reporting requirement.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By Feb 1, 2024, the Office Chief or designee will review the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Department will work with the Administration of Community Living to develop a plan to address the FFATA reporting backlog that exists between SFY22-SFY23 for OAA grants to ensure all FFATA reports are entered in FSRS for all previous years by June 30, 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-040 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title, and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipient so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster programs.
We used a non-statistical sampling method to randomly select and examine six of 13 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all six subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity, and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, the Department neglected to communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it has adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by federal law.
Department’s Response
The Department agrees with this finding.
The Department receives Notices of Award (NOA) from the Administration of Community Living 3-4 times per award in partial amounts. To reduce the time and effort it takes to issue subaward amendments to 13 Area Agency on Aging (AAA), the Department decided to post NOAs on the Intranet used to communicate Management Bulletins and other documents to AAAs to make the process more efficient. Unfortunately, the Department did not update subaward language to outline this change in the process.
Effective July 31, 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, will be included for each funding source in the initial subaward as an Exhibit D. Language will be added to the subaward informing Area Agency on Aging that the future NOAs will be posted on the intranet. In addition, the fiscal staff assigned will inform all AAA fiscal staff when new NOAs are posted via e-mail. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-041 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
The Department had processes in place to monitor that subrecipients obtained single audits. To monitor compliance with these requirements, the Department used Excel spreadsheets to track subrecipients’ single audits. During the audit period, however, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due, and did not verify the single audit report had been submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
We used a non-statistical sampling method to randomly select and examine six out of a total population of 13 AAAs, as well as two additional AAAs that were individually significant, to verify whether they had obtained single audits. We found four AAAs did not obtain and submit a single audit by the required deadlines, and there was no evidence that the Department communicated with the AAAs when the reports were late. During our testing, we found three AAAs eventually submitted their single audit reports after the due date. We also found one AAA has not submitted the required single audit report.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Due to management turnover throughout the fiscal year, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendations
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department agrees with the finding.
The Federal Compliance Manager position was vacant from April 2021 to April 2022 and once the position was filled the priority was to catch up on monitoring, reviewing area plans and cost allocations submitted by the Area Agency on Aging (AAA). It was for that reason that tracking whether the Department’s subrecipients obtained and submitted their required single audits was not completed during the audit period. The two AAAs that did not submit single audits were contacted in January 2024 and remediation of the audit exceptions are underway.
Effective March 31, 2024, the Single Monitor Tracking Sheet will be updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, and when a management letter is sent and the AAA responses.
By July 1, 2024, a reminder process will be implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in Tracker.
The AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-039 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 area agencies on aging (AAAs).
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as result, reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 93 subawards and amendments totaling $216,486,694 that it was required to report in fiscal year 2023.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not enter the information required for reporting into the tracking spreadsheet when subawards and subaward amendments were executed, and the Department did not report any subawards in FSRS during fiscal year 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had procedures in place to ensure subawards and amendments were reported in FSRS. However, due to management turnover throughout the fiscal year, staff did not enter subawards and amendments into the tracking spreadsheet, and did not report any of the subawards in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it accurately reports all first-tier subawards of $30,000 or more in FSRS by the federal deadlines.
Department’s Response
The Department agrees with the finding.
Due to management and fiscal staff turnover throughout the fiscal year, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts was entered.
By January 31, 2024, FFATA reports for FFY2024 Older Americans Act (OAA) funded contracts, executed in December 2023, will be entered in FSRS to meet the 30-day reporting requirement.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By Feb 1, 2024, the Office Chief or designee will review the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Department will work with the Administration of Community Living to develop a plan to address the FFATA reporting backlog that exists between SFY22-SFY23 for OAA grants to ensure all FFATA reports are entered in FSRS for all previous years by June 30, 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-040 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title, and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipient so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster programs.
We used a non-statistical sampling method to randomly select and examine six of 13 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all six subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity, and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, the Department neglected to communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it has adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by federal law.
Department’s Response
The Department agrees with this finding.
The Department receives Notices of Award (NOA) from the Administration of Community Living 3-4 times per award in partial amounts. To reduce the time and effort it takes to issue subaward amendments to 13 Area Agency on Aging (AAA), the Department decided to post NOAs on the Intranet used to communicate Management Bulletins and other documents to AAAs to make the process more efficient. Unfortunately, the Department did not update subaward language to outline this change in the process.
Effective July 31, 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, will be included for each funding source in the initial subaward as an Exhibit D. Language will be added to the subaward informing Area Agency on Aging that the future NOAs will be posted on the intranet. In addition, the fiscal staff assigned will inform all AAA fiscal staff when new NOAs are posted via e-mail. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-041 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health & Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to elderly people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to elderly people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2023, the Department spent about $39.5 million in Aging Cluster federal funding, including about $38.4 million paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Aging Cluster programs obtained required single audits.
The Department had processes in place to monitor that subrecipients obtained single audits. To monitor compliance with these requirements, the Department used Excel spreadsheets to track subrecipients’ single audits. During the audit period, however, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due, and did not verify the single audit report had been submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
We used a non-statistical sampling method to randomly select and examine six out of a total population of 13 AAAs, as well as two additional AAAs that were individually significant, to verify whether they had obtained single audits. We found four AAAs did not obtain and submit a single audit by the required deadlines, and there was no evidence that the Department communicated with the AAAs when the reports were late. During our testing, we found three AAAs eventually submitted their single audit reports after the due date. We also found one AAA has not submitted the required single audit report.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Due to management turnover throughout the fiscal year, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendations
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department agrees with the finding.
The Federal Compliance Manager position was vacant from April 2021 to April 2022 and once the position was filled the priority was to catch up on monitoring, reviewing area plans and cost allocations submitted by the Area Agency on Aging (AAA). It was for that reason that tracking whether the Department’s subrecipients obtained and submitted their required single audits was not completed during the audit period. The two AAAs that did not submit single audits were contacted in January 2024 and remediation of the audit exceptions are underway.
Effective March 31, 2024, the Single Monitor Tracking Sheet will be updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, and when a management letter is sent and the AAA responses.
By July 1, 2024, a reminder process will be implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in Tracker.
The AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $356,042,172
Prior Year Audit Finding: Yes, Finding 2022-041
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2023, the Department spent more than $356 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes, and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple CCDF federal grant awards, and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2022-041, 2021-033, 2020-038, 2019-035, 2018–034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8–13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments with federal CCDF funds in the audit period was $356,042,172. The Department also partially funded these payments with an additional $48,941,302 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $356,042,172 in federal program costs the Department incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with client eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-036
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2023, the Department spent more than $356 million in CCDF and $107.3 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of
July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60 percent of the state median income at application or 65 percent of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and hourly wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a client is eligible for one year unless a change in income causes the client to exceed 65 percent of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 11 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over and did not comply with client eligibility requirements for CCDF and TANF.
During the audit period, the Department determined 61,140 children were eligible for child care. We used a statistical sampling method to randomly select and examine 59 of these determinations. In three instances (5.1 percent), we found the Department made eligibility determinations improperly, or did not verify information before authorizing services. Specifically, we found:
• One case (1.7 percent) where the Department had incorrectly determined household composition and did not obtain sufficient data for all parents in the household to make an accurate eligibility determination.
• Two cases (3.4 percent) where the Department did not follow procedure for verifying the approved activity, which led to an incorrect eligibility determination.
Though the Department has established internal controls, they were insufficient for ensuring material compliance with client eligibility requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department staff made eligibility determinations without obtaining sufficient supporting documentation to ensure households were eligible to receive assistance. This deviated from the standard policies and procedures the Department has established, and management did not monitor sufficiently to ensure staff made proper eligibility determinations.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendations
We recommend the Department improve its internal controls over determining client eligibility to ensure it:
• Reviews eligibility determinations sufficiently to detect improper eligibility determinations
• Reviews sufficient support for household composition information for accuracy
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective. Further, we appreciate SAO’s work with us over the several past years to strengthen internal controls for eligibility through the auditing process. The Statewide Single Audit (SWSA) is an important tool in the Department’s continuous quality improvement efforts and together with the Department’s internal controls has helped reduce the audit exceptions to three with zero questioned costs.
The Department continues to access data across available state systems to confirm information, including household composition provided by clients. Unfortunately, there is no household composition verification system, and information provided to other state agencies is often provided by client self-attestation. The Department continues to balance verification requirements with providing timely benefit decisions to support family access to high quality child care. Additionally, the Department is being intentional in updating our learning resources for eligibility staff. Information from this and future audits will be used to update training. The Department will continue our internal control and quality improvement efforts and activities to build and maintain our eligibility case accuracy.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code (WAC) 110-15-0015 – Determining family size, states in part:
1. DCYF determines a consumer’s family size as follows:
a. For a single parent, including a minor parent living independently, DCYF counts the consumer and the consumer’s children;
b. For unmarried parents who have at least one mutual child, DCYF counts both parents and all of their children living in the household;
c. Unmarried parents who have no mutual children are counted as separate WCCC households, the unmarried parents and their respective children living in the household;
d. For married parents, DCYF counts both parents and all of their children living in the household;
e. For parents who are undocumented aliens as defined in WAC 388-424-0001, DCYF counts the parents and children, documented and undocumented, and all other family rules in this section apply. Children needing care must meet citizenship requirements described in WAC 110-15-0005;
f. For a legal guardian verified by a legal or court document, adult sibling or step-sibling, nephew, niece, aunt, uncle, grandparent, any of these relatives with the prefix “great,” such as a “great-nephew,” or an in loco parentis custodian who is not related to the child as described in WAC 110-15-0005, DCYF counts only the children and only the children’s income is counted;
g. For a parent who is out of the household because of employer requirements, such as training or military service, and expected to return to the household, DCYF counts the consumer, the absent parent, and the children;
h. For a parent who is voluntarily out of the household for reasons other than requirements of the employer, such as unapproved schooling and visiting family members, and is expected to return to the household, DCYF counts the consumer, the absent parent, and the children. WAC 110-15-0020 and all other family and household rules in this section apply;
i. For a parent who is out of the country and waiting for legal reentry in to the United States, DCYF counts only the consumer and children residing in the United States and all other family and household rules in this section apply;
j. An incarcerated parent is not part of the household count for determining income and eligibility. DCYF counts the remaining household members using all other family rules in this section; and
k. For a parent incarcerated at a Washington state correctional facility whose child lives with them at the facility, DCYF counts the parent and child as their own household.
2. When the household consists of the consumer’s own child and another child identified in subsection (1)(f) of this section, the household may be combined into one household or kept as distinct households for the benefit of the consumer.
WAC 110-15-0040 – Approved activities for applicants and consumers participating in WorkFirst, states:
1. Applicants and consumers who participate in WorkFirst activities may be eligible for WCCC benefits for the following approved activities in their individual responsibility plans (IRPs), for up to a maximum of sixteen hours per day, including:
a. An approved WorkFirst activity under WAC 388-310-0200, with the following exception: In-home/relative providers who are paid child care subsidies to care for children receiving WCCC benefits may not receive those benefits for their own children during the hours in which they provide subsidized child care. These consumers may be eligible for other approved activities in their IRPs;
b. Employment as defined in WAC 110-15-0003;
c. Self-employment as defined in WAC 110-15-0003 and as described in the consumer's current WorkFirst IRP;
d. Travel time between the child care location and the consumer’s place of employment or approved activity;
e. Up to ten hours per week of study time for approved classes;
f. Up to eight hours of sleep time before or after a night shift; and
g. Any activity approved by tribal TANF.
2. WorkFirst consumers participating in approved activities for at least one hundred ten hours per month as described in WAC 110-15-0190 are considered to have a schedule of Monday through Friday, 8:00 a.m. to 5:00 p.m., except when:
a. The consumer’s IRP specifies a different schedule; or
b. Verified differently by the consumer.
WAC 110-15-0045 – Approved activities for applicants and consumers not participating in WorkFirst, states:
1. Applicants and consumers not participating in WorkFirst activities may be eligible for WCCC benefits for the following approved activities:
a. Employment;
b. Self-employment;
c. Supplemental nutrition assistance program employment and training (SNAP E&T); or
d. The following education programs:
i. High school or working towards a high school equivalency certificate for consumers under 22 years of age;
ii. Part-time enrollment in a vocational education, adult basic education (ABE), high school equivalency certificate for consumers 22 years of age and older, or English as a second language (ESL) program combined with an average of 20 or more employment hours per week or 16 more work-study hours per week; or
iii. For full-time students of a community, technical, or tribal college, enrollment in:
A. A vocational education program that leads to a degree or certificate in a specific occupation;
B. An associate degree program; or
C. A registered apprenticeship program.
iv. “Full-time student” for the purpose of this subsection means a consumer attends a community, technical, or tribal college and meets its definition of full-time student.
(e) Applicants and consumers who meet the requirements of (c) of this subsection are eligible to receive subsidy payment for up to 10 hours per week of study time for approved classes.
2.Applicants and consumers who are eligible for WCCC benefits under the terms of this section are eligible to receive subsidy payment for:
a. Transportation time between the child care location and the consumer’s place of employment or approved activity; and Up to eight hours of sleep time before or after a night shift.
2023-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-042
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort, and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort, and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2022-042, 2021-036, and 2020-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort, and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort, and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort, and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system, and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort, and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-061 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-043
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)):
• Discretionary Funds must be obligated by the end of the succeeding fiscal year after award and expended by the end of the third fiscal year after award.
• Mandatory Funds must be obligated by the end of the fiscal year in which they are awarded if the state also requests Matching Funds. If no Matching Funds are requested for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching Funds must be obligated by the end of the fiscal year in which they are awarded and liquidated by the end of the succeeding fiscal year after award.
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security (CARES) and the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2022-043, 2021-037, and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.66 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii) Mandatory Funds for States that do not request Matching Funds are available until expended.
(3) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-062 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Service
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-044
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures and could not test whether the reports were accurate and complete. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of childcare expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendations
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the number of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure childcare payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-063 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Child Care and Development Fund.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families (Department) administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. The Department subawards federal funds to the program’s only subrecipient, Washington State Child Care Resources – Child Care Aware. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding, including about $17.8 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made a subaward or subaward amendment. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
Each month, a designated employee uses the Contracts and Procurement System to run a report to view open federal grants. The Department uses this system to manage all early learning contracts, both for contractors and subrecipients. Once the preparer has obtained the grant information, they enter all eligible subawards for the reporting month, including all the subaward key elements into FSRS. Before submitting the report, a designated manager reviews and approves it. There were 12 CCDF subawards and amendments that were required to be reported in fiscal year 2023, totaling $20.2 million.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the CCDF program.
During the audit period, the Department was required to report about $20.2 million of program funds that it awarded to its subrecipient through 12 new and amended subawards. We examined all 12 subawards and found that nine (75 percent), totaling $1.6 million, were not reported in FSRS.
Additionally, for the three reports that were filed, we found that two (16.7 percent) misreported the subaward amount. Specifically, one subaward amount was overstated, and the other subaward amount was understated. The total amount under/overreported was $41,480.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department has written procedures in place to ensure the required reports are submitted, but staff did not file all of them during the audit period. Additionally, management did not review the reports before or after submitting them to ensure they were accurate and complete.
Effect of Condition
Filing inaccurate reports or failing to submit them when required diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports
• Follow its own policies and procedures for filing required reports
• Ensure management monitors to ensure future reports required by the Act are submitted accurately and completely
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department experienced a high level of staff turnover and vacancy rates resulting in missed and inaccurate Federal Funding Accountability and Transparency Act reporting. The Department is committed to strengthening internal controls and complying with federal requirements and will review written policies and procedures with cost allocation and grant management staff.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.)
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-064 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-045
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent about $547.2 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require non–relative FFN providers to complete health and safety training within 90 days of their subsidy payment start date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for non-relative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and conducts the ongoing training requirements with the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the eight prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015–024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,358 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 14 instances (24 percent) where providers did not receive their required annual monitoring visit. Of the remaining 45 providers that did receive a monitoring visit, we identified 13 instances (29 percent) where the licensor did not conduct the appropriate follow-up visit on noncompliance issues.
Non-relative FFN provider initial training
The Department was not able to identify complete populations of FFN providers for the purposes of our initial training testing. We randomly selected 21 out of 197 FFN providers that Department officials said were required to complete initial training. Of those reviewed, we determined nine of the providers did not meet the criteria for testing because they were not subject to initial training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
Non-relative FFN provider ongoing training and annual technical visits
The Department was not able to identify complete populations of FFN providers for the purposes of our ongoing training and technical visit testing. We randomly selected 11 out of 53 FFN providers that Department officials said were required to complete ongoing training and have a technical visit. Of those reviewed, we determined one of the providers did not meet the criteria for testing because they were not subject to ongoing training or annual technical visits since they were relative providers. Of the remaining providers that were applicable to our testing, we found one instance where the provider did not complete their technical visit, but they did receive ongoing training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 14 of the 59 monitoring visits we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring visits and follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
Management did not monitor sufficiently to ensure that staff completed technical visits. Further, due to system limitations, the Department did not effectively identify during the audit period which providers were subject to training and technical visit requirements.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not completing monitoring visits or following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements. Further, not following up on noncompliance violations in a timely manner can put children in jeopardy of harm, neglect, and unhealthy environments.
Non-relative FFN provider initial training, ongoing training, and technical visits
By not conducting all required technical visits, the Department did not have assurance that providers met health and safety requirements. System limitations and the inability to obtain a complete population for sampling and testing created a condition that prevented our Office from fully auditing the Department’s compliance with these requirements.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Ensure management follows established policies and procedures to ensure non-relative FFN providers complete their required initial training, ongoing training, and receive technical visits
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the Auditor’s specific findings, the Department concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
Due to the COVID-19 pandemic, the Department experienced a high level of child care licensor turnover. The Department focused available resources on assisting new and current providers to ensure access to child care for families, first responders, and health care workers. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all monitoring visits and was unable to send licensing staff to assist other offices with this work. Starting in fall 2022, the Department began work to recruit new staff and train them on child care licensing rules and regulations to address turnover; however, this effort takes time, due to the extensive training we give our staff. These efforts are demonstrating strong commitments to improvements in the health and safety compliance for child care providers. As of November 2023, the Department is on target for 100% compliance with monitoring visits even with a 4.1% increase in child care providers during federal fiscal year 2023.
As part of its quality improvement initiates, the Department has implementing data driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance. In addition, the Department has implemented new recruitment and training plans for child care licensors. In November 2022, the Department added a new position to assist supervisors with onboarding and training of all new staff hired. The Department concurs that health and safety monitoring visits were not properly completed during the audit period and is confident that corrective actions taken will improve this area moving forward. The Department is focusing resources to strengthening internal controls around all health and safety requirements.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
The Department tracks health and safety requirements for FFN providers using the limited tools and fields currently available in WA Compass. The WA Compass system was implemented for licensed child care providers and has not been fully developed for the FFN provider type. The State Auditor’s Office requested data from the WA Compass system for their audit testing in a format the system does not currently support. Due to the fluid nature of the FFN providers, and their payment start dates, the Department was unable to pull data that reflected only providers with open authorizations during the audit period. Further, WA Compass does not currently include all health and safety requirements for FFN providers. The Department has dedicated staff resources to update WA Compass to include all health and safety requirements for FFNs and address data format issues. Staff will continue to track and monitor FFN health and safety requirements with available tools until all system development is completed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1.A provider described in WAC 110-16-0015(4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015(4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015(4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
c. Prevention and control of infectious diseases;
d. Emergency preparedness and response planning for natural disasters and human-caused events;
e. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
f. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
(1) A provider described in WAC 110-16-0015(4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
(2) The purpose of the visit is to:
(a) Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
(b) Observe the provider’s interactions with the child, and discuss health and safety practices;
(c) Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
(d) Provide regional contact information for FFN child care services and resources.
(3) A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
(4) At the annual, scheduled visit, the provider must show, unless previously provided to the department:
(a) Proof of identity;
(b) Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
(c) Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
(d) Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
(e) The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2023-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $356,042,172
Prior Year Audit Finding: Yes, Finding 2022-041
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2023, the Department spent more than $356 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes, and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple CCDF federal grant awards, and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2022-041, 2021-033, 2020-038, 2019-035, 2018–034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8–13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments with federal CCDF funds in the audit period was $356,042,172. The Department also partially funded these payments with an additional $48,941,302 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $356,042,172 in federal program costs the Department incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with client eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-036
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2023, the Department spent more than $356 million in CCDF and $107.3 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of
July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60 percent of the state median income at application or 65 percent of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and hourly wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a client is eligible for one year unless a change in income causes the client to exceed 65 percent of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 11 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over and did not comply with client eligibility requirements for CCDF and TANF.
During the audit period, the Department determined 61,140 children were eligible for child care. We used a statistical sampling method to randomly select and examine 59 of these determinations. In three instances (5.1 percent), we found the Department made eligibility determinations improperly, or did not verify information before authorizing services. Specifically, we found:
• One case (1.7 percent) where the Department had incorrectly determined household composition and did not obtain sufficient data for all parents in the household to make an accurate eligibility determination.
• Two cases (3.4 percent) where the Department did not follow procedure for verifying the approved activity, which led to an incorrect eligibility determination.
Though the Department has established internal controls, they were insufficient for ensuring material compliance with client eligibility requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department staff made eligibility determinations without obtaining sufficient supporting documentation to ensure households were eligible to receive assistance. This deviated from the standard policies and procedures the Department has established, and management did not monitor sufficiently to ensure staff made proper eligibility determinations.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendations
We recommend the Department improve its internal controls over determining client eligibility to ensure it:
• Reviews eligibility determinations sufficiently to detect improper eligibility determinations
• Reviews sufficient support for household composition information for accuracy
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective. Further, we appreciate SAO’s work with us over the several past years to strengthen internal controls for eligibility through the auditing process. The Statewide Single Audit (SWSA) is an important tool in the Department’s continuous quality improvement efforts and together with the Department’s internal controls has helped reduce the audit exceptions to three with zero questioned costs.
The Department continues to access data across available state systems to confirm information, including household composition provided by clients. Unfortunately, there is no household composition verification system, and information provided to other state agencies is often provided by client self-attestation. The Department continues to balance verification requirements with providing timely benefit decisions to support family access to high quality child care. Additionally, the Department is being intentional in updating our learning resources for eligibility staff. Information from this and future audits will be used to update training. The Department will continue our internal control and quality improvement efforts and activities to build and maintain our eligibility case accuracy.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code (WAC) 110-15-0015 – Determining family size, states in part:
1. DCYF determines a consumer’s family size as follows:
a. For a single parent, including a minor parent living independently, DCYF counts the consumer and the consumer’s children;
b. For unmarried parents who have at least one mutual child, DCYF counts both parents and all of their children living in the household;
c. Unmarried parents who have no mutual children are counted as separate WCCC households, the unmarried parents and their respective children living in the household;
d. For married parents, DCYF counts both parents and all of their children living in the household;
e. For parents who are undocumented aliens as defined in WAC 388-424-0001, DCYF counts the parents and children, documented and undocumented, and all other family rules in this section apply. Children needing care must meet citizenship requirements described in WAC 110-15-0005;
f. For a legal guardian verified by a legal or court document, adult sibling or step-sibling, nephew, niece, aunt, uncle, grandparent, any of these relatives with the prefix “great,” such as a “great-nephew,” or an in loco parentis custodian who is not related to the child as described in WAC 110-15-0005, DCYF counts only the children and only the children’s income is counted;
g. For a parent who is out of the household because of employer requirements, such as training or military service, and expected to return to the household, DCYF counts the consumer, the absent parent, and the children;
h. For a parent who is voluntarily out of the household for reasons other than requirements of the employer, such as unapproved schooling and visiting family members, and is expected to return to the household, DCYF counts the consumer, the absent parent, and the children. WAC 110-15-0020 and all other family and household rules in this section apply;
i. For a parent who is out of the country and waiting for legal reentry in to the United States, DCYF counts only the consumer and children residing in the United States and all other family and household rules in this section apply;
j. An incarcerated parent is not part of the household count for determining income and eligibility. DCYF counts the remaining household members using all other family rules in this section; and
k. For a parent incarcerated at a Washington state correctional facility whose child lives with them at the facility, DCYF counts the parent and child as their own household.
2. When the household consists of the consumer’s own child and another child identified in subsection (1)(f) of this section, the household may be combined into one household or kept as distinct households for the benefit of the consumer.
WAC 110-15-0040 – Approved activities for applicants and consumers participating in WorkFirst, states:
1. Applicants and consumers who participate in WorkFirst activities may be eligible for WCCC benefits for the following approved activities in their individual responsibility plans (IRPs), for up to a maximum of sixteen hours per day, including:
a. An approved WorkFirst activity under WAC 388-310-0200, with the following exception: In-home/relative providers who are paid child care subsidies to care for children receiving WCCC benefits may not receive those benefits for their own children during the hours in which they provide subsidized child care. These consumers may be eligible for other approved activities in their IRPs;
b. Employment as defined in WAC 110-15-0003;
c. Self-employment as defined in WAC 110-15-0003 and as described in the consumer's current WorkFirst IRP;
d. Travel time between the child care location and the consumer’s place of employment or approved activity;
e. Up to ten hours per week of study time for approved classes;
f. Up to eight hours of sleep time before or after a night shift; and
g. Any activity approved by tribal TANF.
2. WorkFirst consumers participating in approved activities for at least one hundred ten hours per month as described in WAC 110-15-0190 are considered to have a schedule of Monday through Friday, 8:00 a.m. to 5:00 p.m., except when:
a. The consumer’s IRP specifies a different schedule; or
b. Verified differently by the consumer.
WAC 110-15-0045 – Approved activities for applicants and consumers not participating in WorkFirst, states:
1. Applicants and consumers not participating in WorkFirst activities may be eligible for WCCC benefits for the following approved activities:
a. Employment;
b. Self-employment;
c. Supplemental nutrition assistance program employment and training (SNAP E&T); or
d. The following education programs:
i. High school or working towards a high school equivalency certificate for consumers under 22 years of age;
ii. Part-time enrollment in a vocational education, adult basic education (ABE), high school equivalency certificate for consumers 22 years of age and older, or English as a second language (ESL) program combined with an average of 20 or more employment hours per week or 16 more work-study hours per week; or
iii. For full-time students of a community, technical, or tribal college, enrollment in:
A. A vocational education program that leads to a degree or certificate in a specific occupation;
B. An associate degree program; or
C. A registered apprenticeship program.
iv. “Full-time student” for the purpose of this subsection means a consumer attends a community, technical, or tribal college and meets its definition of full-time student.
(e) Applicants and consumers who meet the requirements of (c) of this subsection are eligible to receive subsidy payment for up to 10 hours per week of study time for approved classes.
2.Applicants and consumers who are eligible for WCCC benefits under the terms of this section are eligible to receive subsidy payment for:
a. Transportation time between the child care location and the consumer’s place of employment or approved activity; and Up to eight hours of sleep time before or after a night shift.
2023-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-042
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort, and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort, and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2022-042, 2021-036, and 2020-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort, and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort, and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort, and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system, and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort, and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-061 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-043
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)):
• Discretionary Funds must be obligated by the end of the succeeding fiscal year after award and expended by the end of the third fiscal year after award.
• Mandatory Funds must be obligated by the end of the fiscal year in which they are awarded if the state also requests Matching Funds. If no Matching Funds are requested for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching Funds must be obligated by the end of the fiscal year in which they are awarded and liquidated by the end of the succeeding fiscal year after award.
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security (CARES) and the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2022-043, 2021-037, and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.66 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii) Mandatory Funds for States that do not request Matching Funds are available until expended.
(3) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-062 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Service
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-044
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures and could not test whether the reports were accurate and complete. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of childcare expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendations
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the number of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure childcare payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-063 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Child Care and Development Fund.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families (Department) administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. The Department subawards federal funds to the program’s only subrecipient, Washington State Child Care Resources – Child Care Aware. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding, including about $17.8 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made a subaward or subaward amendment. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
Each month, a designated employee uses the Contracts and Procurement System to run a report to view open federal grants. The Department uses this system to manage all early learning contracts, both for contractors and subrecipients. Once the preparer has obtained the grant information, they enter all eligible subawards for the reporting month, including all the subaward key elements into FSRS. Before submitting the report, a designated manager reviews and approves it. There were 12 CCDF subawards and amendments that were required to be reported in fiscal year 2023, totaling $20.2 million.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the CCDF program.
During the audit period, the Department was required to report about $20.2 million of program funds that it awarded to its subrecipient through 12 new and amended subawards. We examined all 12 subawards and found that nine (75 percent), totaling $1.6 million, were not reported in FSRS.
Additionally, for the three reports that were filed, we found that two (16.7 percent) misreported the subaward amount. Specifically, one subaward amount was overstated, and the other subaward amount was understated. The total amount under/overreported was $41,480.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department has written procedures in place to ensure the required reports are submitted, but staff did not file all of them during the audit period. Additionally, management did not review the reports before or after submitting them to ensure they were accurate and complete.
Effect of Condition
Filing inaccurate reports or failing to submit them when required diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports
• Follow its own policies and procedures for filing required reports
• Ensure management monitors to ensure future reports required by the Act are submitted accurately and completely
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department experienced a high level of staff turnover and vacancy rates resulting in missed and inaccurate Federal Funding Accountability and Transparency Act reporting. The Department is committed to strengthening internal controls and complying with federal requirements and will review written policies and procedures with cost allocation and grant management staff.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.)
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-064 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-045
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent about $547.2 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require non–relative FFN providers to complete health and safety training within 90 days of their subsidy payment start date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for non-relative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and conducts the ongoing training requirements with the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the eight prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015–024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,358 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 14 instances (24 percent) where providers did not receive their required annual monitoring visit. Of the remaining 45 providers that did receive a monitoring visit, we identified 13 instances (29 percent) where the licensor did not conduct the appropriate follow-up visit on noncompliance issues.
Non-relative FFN provider initial training
The Department was not able to identify complete populations of FFN providers for the purposes of our initial training testing. We randomly selected 21 out of 197 FFN providers that Department officials said were required to complete initial training. Of those reviewed, we determined nine of the providers did not meet the criteria for testing because they were not subject to initial training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
Non-relative FFN provider ongoing training and annual technical visits
The Department was not able to identify complete populations of FFN providers for the purposes of our ongoing training and technical visit testing. We randomly selected 11 out of 53 FFN providers that Department officials said were required to complete ongoing training and have a technical visit. Of those reviewed, we determined one of the providers did not meet the criteria for testing because they were not subject to ongoing training or annual technical visits since they were relative providers. Of the remaining providers that were applicable to our testing, we found one instance where the provider did not complete their technical visit, but they did receive ongoing training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 14 of the 59 monitoring visits we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring visits and follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
Management did not monitor sufficiently to ensure that staff completed technical visits. Further, due to system limitations, the Department did not effectively identify during the audit period which providers were subject to training and technical visit requirements.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not completing monitoring visits or following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements. Further, not following up on noncompliance violations in a timely manner can put children in jeopardy of harm, neglect, and unhealthy environments.
Non-relative FFN provider initial training, ongoing training, and technical visits
By not conducting all required technical visits, the Department did not have assurance that providers met health and safety requirements. System limitations and the inability to obtain a complete population for sampling and testing created a condition that prevented our Office from fully auditing the Department’s compliance with these requirements.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Ensure management follows established policies and procedures to ensure non-relative FFN providers complete their required initial training, ongoing training, and receive technical visits
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the Auditor’s specific findings, the Department concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
Due to the COVID-19 pandemic, the Department experienced a high level of child care licensor turnover. The Department focused available resources on assisting new and current providers to ensure access to child care for families, first responders, and health care workers. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all monitoring visits and was unable to send licensing staff to assist other offices with this work. Starting in fall 2022, the Department began work to recruit new staff and train them on child care licensing rules and regulations to address turnover; however, this effort takes time, due to the extensive training we give our staff. These efforts are demonstrating strong commitments to improvements in the health and safety compliance for child care providers. As of November 2023, the Department is on target for 100% compliance with monitoring visits even with a 4.1% increase in child care providers during federal fiscal year 2023.
As part of its quality improvement initiates, the Department has implementing data driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance. In addition, the Department has implemented new recruitment and training plans for child care licensors. In November 2022, the Department added a new position to assist supervisors with onboarding and training of all new staff hired. The Department concurs that health and safety monitoring visits were not properly completed during the audit period and is confident that corrective actions taken will improve this area moving forward. The Department is focusing resources to strengthening internal controls around all health and safety requirements.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
The Department tracks health and safety requirements for FFN providers using the limited tools and fields currently available in WA Compass. The WA Compass system was implemented for licensed child care providers and has not been fully developed for the FFN provider type. The State Auditor’s Office requested data from the WA Compass system for their audit testing in a format the system does not currently support. Due to the fluid nature of the FFN providers, and their payment start dates, the Department was unable to pull data that reflected only providers with open authorizations during the audit period. Further, WA Compass does not currently include all health and safety requirements for FFN providers. The Department has dedicated staff resources to update WA Compass to include all health and safety requirements for FFNs and address data format issues. Staff will continue to track and monitor FFN health and safety requirements with available tools until all system development is completed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1.A provider described in WAC 110-16-0015(4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015(4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015(4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
c. Prevention and control of infectious diseases;
d. Emergency preparedness and response planning for natural disasters and human-caused events;
e. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
f. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
(1) A provider described in WAC 110-16-0015(4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
(2) The purpose of the visit is to:
(a) Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
(b) Observe the provider’s interactions with the child, and discuss health and safety practices;
(c) Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
(d) Provide regional contact information for FFN child care services and resources.
(3) A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
(4) At the annual, scheduled visit, the provider must show, unless previously provided to the department:
(a) Proof of identity;
(b) Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
(c) Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
(d) Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
(e) The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2023-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $356,042,172
Prior Year Audit Finding: Yes, Finding 2022-041
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2023, the Department spent more than $356 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes, and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple CCDF federal grant awards, and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2022-041, 2021-033, 2020-038, 2019-035, 2018–034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8–13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments with federal CCDF funds in the audit period was $356,042,172. The Department also partially funded these payments with an additional $48,941,302 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $356,042,172 in federal program costs the Department incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with client eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-036
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2023, the Department spent more than $356 million in CCDF and $107.3 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of
July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60 percent of the state median income at application or 65 percent of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and hourly wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a client is eligible for one year unless a change in income causes the client to exceed 65 percent of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 11 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over and did not comply with client eligibility requirements for CCDF and TANF.
During the audit period, the Department determined 61,140 children were eligible for child care. We used a statistical sampling method to randomly select and examine 59 of these determinations. In three instances (5.1 percent), we found the Department made eligibility determinations improperly, or did not verify information before authorizing services. Specifically, we found:
• One case (1.7 percent) where the Department had incorrectly determined household composition and did not obtain sufficient data for all parents in the household to make an accurate eligibility determination.
• Two cases (3.4 percent) where the Department did not follow procedure for verifying the approved activity, which led to an incorrect eligibility determination.
Though the Department has established internal controls, they were insufficient for ensuring material compliance with client eligibility requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department staff made eligibility determinations without obtaining sufficient supporting documentation to ensure households were eligible to receive assistance. This deviated from the standard policies and procedures the Department has established, and management did not monitor sufficiently to ensure staff made proper eligibility determinations.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendations
We recommend the Department improve its internal controls over determining client eligibility to ensure it:
• Reviews eligibility determinations sufficiently to detect improper eligibility determinations
• Reviews sufficient support for household composition information for accuracy
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective. Further, we appreciate SAO’s work with us over the several past years to strengthen internal controls for eligibility through the auditing process. The Statewide Single Audit (SWSA) is an important tool in the Department’s continuous quality improvement efforts and together with the Department’s internal controls has helped reduce the audit exceptions to three with zero questioned costs.
The Department continues to access data across available state systems to confirm information, including household composition provided by clients. Unfortunately, there is no household composition verification system, and information provided to other state agencies is often provided by client self-attestation. The Department continues to balance verification requirements with providing timely benefit decisions to support family access to high quality child care. Additionally, the Department is being intentional in updating our learning resources for eligibility staff. Information from this and future audits will be used to update training. The Department will continue our internal control and quality improvement efforts and activities to build and maintain our eligibility case accuracy.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code (WAC) 110-15-0015 – Determining family size, states in part:
1. DCYF determines a consumer’s family size as follows:
a. For a single parent, including a minor parent living independently, DCYF counts the consumer and the consumer’s children;
b. For unmarried parents who have at least one mutual child, DCYF counts both parents and all of their children living in the household;
c. Unmarried parents who have no mutual children are counted as separate WCCC households, the unmarried parents and their respective children living in the household;
d. For married parents, DCYF counts both parents and all of their children living in the household;
e. For parents who are undocumented aliens as defined in WAC 388-424-0001, DCYF counts the parents and children, documented and undocumented, and all other family rules in this section apply. Children needing care must meet citizenship requirements described in WAC 110-15-0005;
f. For a legal guardian verified by a legal or court document, adult sibling or step-sibling, nephew, niece, aunt, uncle, grandparent, any of these relatives with the prefix “great,” such as a “great-nephew,” or an in loco parentis custodian who is not related to the child as described in WAC 110-15-0005, DCYF counts only the children and only the children’s income is counted;
g. For a parent who is out of the household because of employer requirements, such as training or military service, and expected to return to the household, DCYF counts the consumer, the absent parent, and the children;
h. For a parent who is voluntarily out of the household for reasons other than requirements of the employer, such as unapproved schooling and visiting family members, and is expected to return to the household, DCYF counts the consumer, the absent parent, and the children. WAC 110-15-0020 and all other family and household rules in this section apply;
i. For a parent who is out of the country and waiting for legal reentry in to the United States, DCYF counts only the consumer and children residing in the United States and all other family and household rules in this section apply;
j. An incarcerated parent is not part of the household count for determining income and eligibility. DCYF counts the remaining household members using all other family rules in this section; and
k. For a parent incarcerated at a Washington state correctional facility whose child lives with them at the facility, DCYF counts the parent and child as their own household.
2. When the household consists of the consumer’s own child and another child identified in subsection (1)(f) of this section, the household may be combined into one household or kept as distinct households for the benefit of the consumer.
WAC 110-15-0040 – Approved activities for applicants and consumers participating in WorkFirst, states:
1. Applicants and consumers who participate in WorkFirst activities may be eligible for WCCC benefits for the following approved activities in their individual responsibility plans (IRPs), for up to a maximum of sixteen hours per day, including:
a. An approved WorkFirst activity under WAC 388-310-0200, with the following exception: In-home/relative providers who are paid child care subsidies to care for children receiving WCCC benefits may not receive those benefits for their own children during the hours in which they provide subsidized child care. These consumers may be eligible for other approved activities in their IRPs;
b. Employment as defined in WAC 110-15-0003;
c. Self-employment as defined in WAC 110-15-0003 and as described in the consumer's current WorkFirst IRP;
d. Travel time between the child care location and the consumer’s place of employment or approved activity;
e. Up to ten hours per week of study time for approved classes;
f. Up to eight hours of sleep time before or after a night shift; and
g. Any activity approved by tribal TANF.
2. WorkFirst consumers participating in approved activities for at least one hundred ten hours per month as described in WAC 110-15-0190 are considered to have a schedule of Monday through Friday, 8:00 a.m. to 5:00 p.m., except when:
a. The consumer’s IRP specifies a different schedule; or
b. Verified differently by the consumer.
WAC 110-15-0045 – Approved activities for applicants and consumers not participating in WorkFirst, states:
1. Applicants and consumers not participating in WorkFirst activities may be eligible for WCCC benefits for the following approved activities:
a. Employment;
b. Self-employment;
c. Supplemental nutrition assistance program employment and training (SNAP E&T); or
d. The following education programs:
i. High school or working towards a high school equivalency certificate for consumers under 22 years of age;
ii. Part-time enrollment in a vocational education, adult basic education (ABE), high school equivalency certificate for consumers 22 years of age and older, or English as a second language (ESL) program combined with an average of 20 or more employment hours per week or 16 more work-study hours per week; or
iii. For full-time students of a community, technical, or tribal college, enrollment in:
A. A vocational education program that leads to a degree or certificate in a specific occupation;
B. An associate degree program; or
C. A registered apprenticeship program.
iv. “Full-time student” for the purpose of this subsection means a consumer attends a community, technical, or tribal college and meets its definition of full-time student.
(e) Applicants and consumers who meet the requirements of (c) of this subsection are eligible to receive subsidy payment for up to 10 hours per week of study time for approved classes.
2.Applicants and consumers who are eligible for WCCC benefits under the terms of this section are eligible to receive subsidy payment for:
a. Transportation time between the child care location and the consumer’s place of employment or approved activity; and Up to eight hours of sleep time before or after a night shift.
2023-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-042
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort, and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort, and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2022-042, 2021-036, and 2020-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort, and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort, and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort, and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system, and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort, and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-061 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-043
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)):
• Discretionary Funds must be obligated by the end of the succeeding fiscal year after award and expended by the end of the third fiscal year after award.
• Mandatory Funds must be obligated by the end of the fiscal year in which they are awarded if the state also requests Matching Funds. If no Matching Funds are requested for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching Funds must be obligated by the end of the fiscal year in which they are awarded and liquidated by the end of the succeeding fiscal year after award.
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security (CARES) and the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2022-043, 2021-037, and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.66 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii) Mandatory Funds for States that do not request Matching Funds are available until expended.
(3) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-062 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Service
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-044
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures and could not test whether the reports were accurate and complete. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of childcare expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendations
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the number of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure childcare payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-063 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Child Care and Development Fund.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families (Department) administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. The Department subawards federal funds to the program’s only subrecipient, Washington State Child Care Resources – Child Care Aware. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding, including about $17.8 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made a subaward or subaward amendment. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
Each month, a designated employee uses the Contracts and Procurement System to run a report to view open federal grants. The Department uses this system to manage all early learning contracts, both for contractors and subrecipients. Once the preparer has obtained the grant information, they enter all eligible subawards for the reporting month, including all the subaward key elements into FSRS. Before submitting the report, a designated manager reviews and approves it. There were 12 CCDF subawards and amendments that were required to be reported in fiscal year 2023, totaling $20.2 million.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the CCDF program.
During the audit period, the Department was required to report about $20.2 million of program funds that it awarded to its subrecipient through 12 new and amended subawards. We examined all 12 subawards and found that nine (75 percent), totaling $1.6 million, were not reported in FSRS.
Additionally, for the three reports that were filed, we found that two (16.7 percent) misreported the subaward amount. Specifically, one subaward amount was overstated, and the other subaward amount was understated. The total amount under/overreported was $41,480.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department has written procedures in place to ensure the required reports are submitted, but staff did not file all of them during the audit period. Additionally, management did not review the reports before or after submitting them to ensure they were accurate and complete.
Effect of Condition
Filing inaccurate reports or failing to submit them when required diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports
• Follow its own policies and procedures for filing required reports
• Ensure management monitors to ensure future reports required by the Act are submitted accurately and completely
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department experienced a high level of staff turnover and vacancy rates resulting in missed and inaccurate Federal Funding Accountability and Transparency Act reporting. The Department is committed to strengthening internal controls and complying with federal requirements and will review written policies and procedures with cost allocation and grant management staff.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.)
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-064 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-045
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent about $547.2 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require non–relative FFN providers to complete health and safety training within 90 days of their subsidy payment start date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for non-relative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and conducts the ongoing training requirements with the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the eight prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015–024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,358 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 14 instances (24 percent) where providers did not receive their required annual monitoring visit. Of the remaining 45 providers that did receive a monitoring visit, we identified 13 instances (29 percent) where the licensor did not conduct the appropriate follow-up visit on noncompliance issues.
Non-relative FFN provider initial training
The Department was not able to identify complete populations of FFN providers for the purposes of our initial training testing. We randomly selected 21 out of 197 FFN providers that Department officials said were required to complete initial training. Of those reviewed, we determined nine of the providers did not meet the criteria for testing because they were not subject to initial training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
Non-relative FFN provider ongoing training and annual technical visits
The Department was not able to identify complete populations of FFN providers for the purposes of our ongoing training and technical visit testing. We randomly selected 11 out of 53 FFN providers that Department officials said were required to complete ongoing training and have a technical visit. Of those reviewed, we determined one of the providers did not meet the criteria for testing because they were not subject to ongoing training or annual technical visits since they were relative providers. Of the remaining providers that were applicable to our testing, we found one instance where the provider did not complete their technical visit, but they did receive ongoing training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 14 of the 59 monitoring visits we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring visits and follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
Management did not monitor sufficiently to ensure that staff completed technical visits. Further, due to system limitations, the Department did not effectively identify during the audit period which providers were subject to training and technical visit requirements.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not completing monitoring visits or following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements. Further, not following up on noncompliance violations in a timely manner can put children in jeopardy of harm, neglect, and unhealthy environments.
Non-relative FFN provider initial training, ongoing training, and technical visits
By not conducting all required technical visits, the Department did not have assurance that providers met health and safety requirements. System limitations and the inability to obtain a complete population for sampling and testing created a condition that prevented our Office from fully auditing the Department’s compliance with these requirements.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Ensure management follows established policies and procedures to ensure non-relative FFN providers complete their required initial training, ongoing training, and receive technical visits
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the Auditor’s specific findings, the Department concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
Due to the COVID-19 pandemic, the Department experienced a high level of child care licensor turnover. The Department focused available resources on assisting new and current providers to ensure access to child care for families, first responders, and health care workers. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all monitoring visits and was unable to send licensing staff to assist other offices with this work. Starting in fall 2022, the Department began work to recruit new staff and train them on child care licensing rules and regulations to address turnover; however, this effort takes time, due to the extensive training we give our staff. These efforts are demonstrating strong commitments to improvements in the health and safety compliance for child care providers. As of November 2023, the Department is on target for 100% compliance with monitoring visits even with a 4.1% increase in child care providers during federal fiscal year 2023.
As part of its quality improvement initiates, the Department has implementing data driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance. In addition, the Department has implemented new recruitment and training plans for child care licensors. In November 2022, the Department added a new position to assist supervisors with onboarding and training of all new staff hired. The Department concurs that health and safety monitoring visits were not properly completed during the audit period and is confident that corrective actions taken will improve this area moving forward. The Department is focusing resources to strengthening internal controls around all health and safety requirements.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
The Department tracks health and safety requirements for FFN providers using the limited tools and fields currently available in WA Compass. The WA Compass system was implemented for licensed child care providers and has not been fully developed for the FFN provider type. The State Auditor’s Office requested data from the WA Compass system for their audit testing in a format the system does not currently support. Due to the fluid nature of the FFN providers, and their payment start dates, the Department was unable to pull data that reflected only providers with open authorizations during the audit period. Further, WA Compass does not currently include all health and safety requirements for FFN providers. The Department has dedicated staff resources to update WA Compass to include all health and safety requirements for FFNs and address data format issues. Staff will continue to track and monitor FFN health and safety requirements with available tools until all system development is completed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1.A provider described in WAC 110-16-0015(4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015(4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015(4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
c. Prevention and control of infectious diseases;
d. Emergency preparedness and response planning for natural disasters and human-caused events;
e. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
f. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
(1) A provider described in WAC 110-16-0015(4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
(2) The purpose of the visit is to:
(a) Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
(b) Observe the provider’s interactions with the child, and discuss health and safety practices;
(c) Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
(d) Provide regional contact information for FFN child care services and resources.
(3) A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
(4) At the annual, scheduled visit, the provider must show, unless previously provided to the department:
(a) Proof of identity;
(b) Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
(c) Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
(d) Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
(e) The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2023-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $356,042,172
Prior Year Audit Finding: Yes, Finding 2022-041
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2023, the Department spent more than $356 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes, and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple CCDF federal grant awards, and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2022-041, 2021-033, 2020-038, 2019-035, 2018–034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8–13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments with federal CCDF funds in the audit period was $356,042,172. The Department also partially funded these payments with an additional $48,941,302 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $356,042,172 in federal program costs the Department incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with client eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-036
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2023, the Department spent more than $356 million in CCDF and $107.3 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of
July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60 percent of the state median income at application or 65 percent of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and hourly wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a client is eligible for one year unless a change in income causes the client to exceed 65 percent of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 11 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over and did not comply with client eligibility requirements for CCDF and TANF.
During the audit period, the Department determined 61,140 children were eligible for child care. We used a statistical sampling method to randomly select and examine 59 of these determinations. In three instances (5.1 percent), we found the Department made eligibility determinations improperly, or did not verify information before authorizing services. Specifically, we found:
• One case (1.7 percent) where the Department had incorrectly determined household composition and did not obtain sufficient data for all parents in the household to make an accurate eligibility determination.
• Two cases (3.4 percent) where the Department did not follow procedure for verifying the approved activity, which led to an incorrect eligibility determination.
Though the Department has established internal controls, they were insufficient for ensuring material compliance with client eligibility requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department staff made eligibility determinations without obtaining sufficient supporting documentation to ensure households were eligible to receive assistance. This deviated from the standard policies and procedures the Department has established, and management did not monitor sufficiently to ensure staff made proper eligibility determinations.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendations
We recommend the Department improve its internal controls over determining client eligibility to ensure it:
• Reviews eligibility determinations sufficiently to detect improper eligibility determinations
• Reviews sufficient support for household composition information for accuracy
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective. Further, we appreciate SAO’s work with us over the several past years to strengthen internal controls for eligibility through the auditing process. The Statewide Single Audit (SWSA) is an important tool in the Department’s continuous quality improvement efforts and together with the Department’s internal controls has helped reduce the audit exceptions to three with zero questioned costs.
The Department continues to access data across available state systems to confirm information, including household composition provided by clients. Unfortunately, there is no household composition verification system, and information provided to other state agencies is often provided by client self-attestation. The Department continues to balance verification requirements with providing timely benefit decisions to support family access to high quality child care. Additionally, the Department is being intentional in updating our learning resources for eligibility staff. Information from this and future audits will be used to update training. The Department will continue our internal control and quality improvement efforts and activities to build and maintain our eligibility case accuracy.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code (WAC) 110-15-0015 – Determining family size, states in part:
1. DCYF determines a consumer’s family size as follows:
a. For a single parent, including a minor parent living independently, DCYF counts the consumer and the consumer’s children;
b. For unmarried parents who have at least one mutual child, DCYF counts both parents and all of their children living in the household;
c. Unmarried parents who have no mutual children are counted as separate WCCC households, the unmarried parents and their respective children living in the household;
d. For married parents, DCYF counts both parents and all of their children living in the household;
e. For parents who are undocumented aliens as defined in WAC 388-424-0001, DCYF counts the parents and children, documented and undocumented, and all other family rules in this section apply. Children needing care must meet citizenship requirements described in WAC 110-15-0005;
f. For a legal guardian verified by a legal or court document, adult sibling or step-sibling, nephew, niece, aunt, uncle, grandparent, any of these relatives with the prefix “great,” such as a “great-nephew,” or an in loco parentis custodian who is not related to the child as described in WAC 110-15-0005, DCYF counts only the children and only the children’s income is counted;
g. For a parent who is out of the household because of employer requirements, such as training or military service, and expected to return to the household, DCYF counts the consumer, the absent parent, and the children;
h. For a parent who is voluntarily out of the household for reasons other than requirements of the employer, such as unapproved schooling and visiting family members, and is expected to return to the household, DCYF counts the consumer, the absent parent, and the children. WAC 110-15-0020 and all other family and household rules in this section apply;
i. For a parent who is out of the country and waiting for legal reentry in to the United States, DCYF counts only the consumer and children residing in the United States and all other family and household rules in this section apply;
j. An incarcerated parent is not part of the household count for determining income and eligibility. DCYF counts the remaining household members using all other family rules in this section; and
k. For a parent incarcerated at a Washington state correctional facility whose child lives with them at the facility, DCYF counts the parent and child as their own household.
2. When the household consists of the consumer’s own child and another child identified in subsection (1)(f) of this section, the household may be combined into one household or kept as distinct households for the benefit of the consumer.
WAC 110-15-0040 – Approved activities for applicants and consumers participating in WorkFirst, states:
1. Applicants and consumers who participate in WorkFirst activities may be eligible for WCCC benefits for the following approved activities in their individual responsibility plans (IRPs), for up to a maximum of sixteen hours per day, including:
a. An approved WorkFirst activity under WAC 388-310-0200, with the following exception: In-home/relative providers who are paid child care subsidies to care for children receiving WCCC benefits may not receive those benefits for their own children during the hours in which they provide subsidized child care. These consumers may be eligible for other approved activities in their IRPs;
b. Employment as defined in WAC 110-15-0003;
c. Self-employment as defined in WAC 110-15-0003 and as described in the consumer's current WorkFirst IRP;
d. Travel time between the child care location and the consumer’s place of employment or approved activity;
e. Up to ten hours per week of study time for approved classes;
f. Up to eight hours of sleep time before or after a night shift; and
g. Any activity approved by tribal TANF.
2. WorkFirst consumers participating in approved activities for at least one hundred ten hours per month as described in WAC 110-15-0190 are considered to have a schedule of Monday through Friday, 8:00 a.m. to 5:00 p.m., except when:
a. The consumer’s IRP specifies a different schedule; or
b. Verified differently by the consumer.
WAC 110-15-0045 – Approved activities for applicants and consumers not participating in WorkFirst, states:
1. Applicants and consumers not participating in WorkFirst activities may be eligible for WCCC benefits for the following approved activities:
a. Employment;
b. Self-employment;
c. Supplemental nutrition assistance program employment and training (SNAP E&T); or
d. The following education programs:
i. High school or working towards a high school equivalency certificate for consumers under 22 years of age;
ii. Part-time enrollment in a vocational education, adult basic education (ABE), high school equivalency certificate for consumers 22 years of age and older, or English as a second language (ESL) program combined with an average of 20 or more employment hours per week or 16 more work-study hours per week; or
iii. For full-time students of a community, technical, or tribal college, enrollment in:
A. A vocational education program that leads to a degree or certificate in a specific occupation;
B. An associate degree program; or
C. A registered apprenticeship program.
iv. “Full-time student” for the purpose of this subsection means a consumer attends a community, technical, or tribal college and meets its definition of full-time student.
(e) Applicants and consumers who meet the requirements of (c) of this subsection are eligible to receive subsidy payment for up to 10 hours per week of study time for approved classes.
2.Applicants and consumers who are eligible for WCCC benefits under the terms of this section are eligible to receive subsidy payment for:
a. Transportation time between the child care location and the consumer’s place of employment or approved activity; and Up to eight hours of sleep time before or after a night shift.
2023-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-042
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort, and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort, and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2022-042, 2021-036, and 2020-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort, and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort, and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort, and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system, and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort, and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-061 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-043
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)):
• Discretionary Funds must be obligated by the end of the succeeding fiscal year after award and expended by the end of the third fiscal year after award.
• Mandatory Funds must be obligated by the end of the fiscal year in which they are awarded if the state also requests Matching Funds. If no Matching Funds are requested for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching Funds must be obligated by the end of the fiscal year in which they are awarded and liquidated by the end of the succeeding fiscal year after award.
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security (CARES) and the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2022-043, 2021-037, and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.66 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii) Mandatory Funds for States that do not request Matching Funds are available until expended.
(3) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-062 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Service
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-044
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures and could not test whether the reports were accurate and complete. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of childcare expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendations
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the number of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure childcare payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-063 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Child Care and Development Fund.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families (Department) administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. The Department subawards federal funds to the program’s only subrecipient, Washington State Child Care Resources – Child Care Aware. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding, including about $17.8 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made a subaward or subaward amendment. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
Each month, a designated employee uses the Contracts and Procurement System to run a report to view open federal grants. The Department uses this system to manage all early learning contracts, both for contractors and subrecipients. Once the preparer has obtained the grant information, they enter all eligible subawards for the reporting month, including all the subaward key elements into FSRS. Before submitting the report, a designated manager reviews and approves it. There were 12 CCDF subawards and amendments that were required to be reported in fiscal year 2023, totaling $20.2 million.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the CCDF program.
During the audit period, the Department was required to report about $20.2 million of program funds that it awarded to its subrecipient through 12 new and amended subawards. We examined all 12 subawards and found that nine (75 percent), totaling $1.6 million, were not reported in FSRS.
Additionally, for the three reports that were filed, we found that two (16.7 percent) misreported the subaward amount. Specifically, one subaward amount was overstated, and the other subaward amount was understated. The total amount under/overreported was $41,480.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department has written procedures in place to ensure the required reports are submitted, but staff did not file all of them during the audit period. Additionally, management did not review the reports before or after submitting them to ensure they were accurate and complete.
Effect of Condition
Filing inaccurate reports or failing to submit them when required diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports
• Follow its own policies and procedures for filing required reports
• Ensure management monitors to ensure future reports required by the Act are submitted accurately and completely
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department experienced a high level of staff turnover and vacancy rates resulting in missed and inaccurate Federal Funding Accountability and Transparency Act reporting. The Department is committed to strengthening internal controls and complying with federal requirements and will review written policies and procedures with cost allocation and grant management staff.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.)
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-064 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-045
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent about $547.2 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require non–relative FFN providers to complete health and safety training within 90 days of their subsidy payment start date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for non-relative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and conducts the ongoing training requirements with the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the eight prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015–024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,358 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 14 instances (24 percent) where providers did not receive their required annual monitoring visit. Of the remaining 45 providers that did receive a monitoring visit, we identified 13 instances (29 percent) where the licensor did not conduct the appropriate follow-up visit on noncompliance issues.
Non-relative FFN provider initial training
The Department was not able to identify complete populations of FFN providers for the purposes of our initial training testing. We randomly selected 21 out of 197 FFN providers that Department officials said were required to complete initial training. Of those reviewed, we determined nine of the providers did not meet the criteria for testing because they were not subject to initial training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
Non-relative FFN provider ongoing training and annual technical visits
The Department was not able to identify complete populations of FFN providers for the purposes of our ongoing training and technical visit testing. We randomly selected 11 out of 53 FFN providers that Department officials said were required to complete ongoing training and have a technical visit. Of those reviewed, we determined one of the providers did not meet the criteria for testing because they were not subject to ongoing training or annual technical visits since they were relative providers. Of the remaining providers that were applicable to our testing, we found one instance where the provider did not complete their technical visit, but they did receive ongoing training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 14 of the 59 monitoring visits we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring visits and follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
Management did not monitor sufficiently to ensure that staff completed technical visits. Further, due to system limitations, the Department did not effectively identify during the audit period which providers were subject to training and technical visit requirements.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not completing monitoring visits or following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements. Further, not following up on noncompliance violations in a timely manner can put children in jeopardy of harm, neglect, and unhealthy environments.
Non-relative FFN provider initial training, ongoing training, and technical visits
By not conducting all required technical visits, the Department did not have assurance that providers met health and safety requirements. System limitations and the inability to obtain a complete population for sampling and testing created a condition that prevented our Office from fully auditing the Department’s compliance with these requirements.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Ensure management follows established policies and procedures to ensure non-relative FFN providers complete their required initial training, ongoing training, and receive technical visits
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the Auditor’s specific findings, the Department concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
Due to the COVID-19 pandemic, the Department experienced a high level of child care licensor turnover. The Department focused available resources on assisting new and current providers to ensure access to child care for families, first responders, and health care workers. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all monitoring visits and was unable to send licensing staff to assist other offices with this work. Starting in fall 2022, the Department began work to recruit new staff and train them on child care licensing rules and regulations to address turnover; however, this effort takes time, due to the extensive training we give our staff. These efforts are demonstrating strong commitments to improvements in the health and safety compliance for child care providers. As of November 2023, the Department is on target for 100% compliance with monitoring visits even with a 4.1% increase in child care providers during federal fiscal year 2023.
As part of its quality improvement initiates, the Department has implementing data driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance. In addition, the Department has implemented new recruitment and training plans for child care licensors. In November 2022, the Department added a new position to assist supervisors with onboarding and training of all new staff hired. The Department concurs that health and safety monitoring visits were not properly completed during the audit period and is confident that corrective actions taken will improve this area moving forward. The Department is focusing resources to strengthening internal controls around all health and safety requirements.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
The Department tracks health and safety requirements for FFN providers using the limited tools and fields currently available in WA Compass. The WA Compass system was implemented for licensed child care providers and has not been fully developed for the FFN provider type. The State Auditor’s Office requested data from the WA Compass system for their audit testing in a format the system does not currently support. Due to the fluid nature of the FFN providers, and their payment start dates, the Department was unable to pull data that reflected only providers with open authorizations during the audit period. Further, WA Compass does not currently include all health and safety requirements for FFN providers. The Department has dedicated staff resources to update WA Compass to include all health and safety requirements for FFNs and address data format issues. Staff will continue to track and monitor FFN health and safety requirements with available tools until all system development is completed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1.A provider described in WAC 110-16-0015(4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015(4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015(4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
c. Prevention and control of infectious diseases;
d. Emergency preparedness and response planning for natural disasters and human-caused events;
e. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
f. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
(1) A provider described in WAC 110-16-0015(4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
(2) The purpose of the visit is to:
(a) Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
(b) Observe the provider’s interactions with the child, and discuss health and safety practices;
(c) Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
(d) Provide regional contact information for FFN child care services and resources.
(3) A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
(4) At the annual, scheduled visit, the provider must show, unless previously provided to the department:
(a) Proof of identity;
(b) Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
(c) Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
(d) Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
(e) The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2023-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $356,042,172
Prior Year Audit Finding: Yes, Finding 2022-041
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2023, the Department spent more than $356 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes, and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple CCDF federal grant awards, and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2022-041, 2021-033, 2020-038, 2019-035, 2018–034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8–13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments with federal CCDF funds in the audit period was $356,042,172. The Department also partially funded these payments with an additional $48,941,302 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $356,042,172 in federal program costs the Department incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with client eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-036
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2023, the Department spent more than $356 million in CCDF and $107.3 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of
July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60 percent of the state median income at application or 65 percent of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and hourly wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a client is eligible for one year unless a change in income causes the client to exceed 65 percent of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 11 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over and did not comply with client eligibility requirements for CCDF and TANF.
During the audit period, the Department determined 61,140 children were eligible for child care. We used a statistical sampling method to randomly select and examine 59 of these determinations. In three instances (5.1 percent), we found the Department made eligibility determinations improperly, or did not verify information before authorizing services. Specifically, we found:
• One case (1.7 percent) where the Department had incorrectly determined household composition and did not obtain sufficient data for all parents in the household to make an accurate eligibility determination.
• Two cases (3.4 percent) where the Department did not follow procedure for verifying the approved activity, which led to an incorrect eligibility determination.
Though the Department has established internal controls, they were insufficient for ensuring material compliance with client eligibility requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department staff made eligibility determinations without obtaining sufficient supporting documentation to ensure households were eligible to receive assistance. This deviated from the standard policies and procedures the Department has established, and management did not monitor sufficiently to ensure staff made proper eligibility determinations.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendations
We recommend the Department improve its internal controls over determining client eligibility to ensure it:
• Reviews eligibility determinations sufficiently to detect improper eligibility determinations
• Reviews sufficient support for household composition information for accuracy
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective. Further, we appreciate SAO’s work with us over the several past years to strengthen internal controls for eligibility through the auditing process. The Statewide Single Audit (SWSA) is an important tool in the Department’s continuous quality improvement efforts and together with the Department’s internal controls has helped reduce the audit exceptions to three with zero questioned costs.
The Department continues to access data across available state systems to confirm information, including household composition provided by clients. Unfortunately, there is no household composition verification system, and information provided to other state agencies is often provided by client self-attestation. The Department continues to balance verification requirements with providing timely benefit decisions to support family access to high quality child care. Additionally, the Department is being intentional in updating our learning resources for eligibility staff. Information from this and future audits will be used to update training. The Department will continue our internal control and quality improvement efforts and activities to build and maintain our eligibility case accuracy.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code (WAC) 110-15-0015 – Determining family size, states in part:
1. DCYF determines a consumer’s family size as follows:
a. For a single parent, including a minor parent living independently, DCYF counts the consumer and the consumer’s children;
b. For unmarried parents who have at least one mutual child, DCYF counts both parents and all of their children living in the household;
c. Unmarried parents who have no mutual children are counted as separate WCCC households, the unmarried parents and their respective children living in the household;
d. For married parents, DCYF counts both parents and all of their children living in the household;
e. For parents who are undocumented aliens as defined in WAC 388-424-0001, DCYF counts the parents and children, documented and undocumented, and all other family rules in this section apply. Children needing care must meet citizenship requirements described in WAC 110-15-0005;
f. For a legal guardian verified by a legal or court document, adult sibling or step-sibling, nephew, niece, aunt, uncle, grandparent, any of these relatives with the prefix “great,” such as a “great-nephew,” or an in loco parentis custodian who is not related to the child as described in WAC 110-15-0005, DCYF counts only the children and only the children’s income is counted;
g. For a parent who is out of the household because of employer requirements, such as training or military service, and expected to return to the household, DCYF counts the consumer, the absent parent, and the children;
h. For a parent who is voluntarily out of the household for reasons other than requirements of the employer, such as unapproved schooling and visiting family members, and is expected to return to the household, DCYF counts the consumer, the absent parent, and the children. WAC 110-15-0020 and all other family and household rules in this section apply;
i. For a parent who is out of the country and waiting for legal reentry in to the United States, DCYF counts only the consumer and children residing in the United States and all other family and household rules in this section apply;
j. An incarcerated parent is not part of the household count for determining income and eligibility. DCYF counts the remaining household members using all other family rules in this section; and
k. For a parent incarcerated at a Washington state correctional facility whose child lives with them at the facility, DCYF counts the parent and child as their own household.
2. When the household consists of the consumer’s own child and another child identified in subsection (1)(f) of this section, the household may be combined into one household or kept as distinct households for the benefit of the consumer.
WAC 110-15-0040 – Approved activities for applicants and consumers participating in WorkFirst, states:
1. Applicants and consumers who participate in WorkFirst activities may be eligible for WCCC benefits for the following approved activities in their individual responsibility plans (IRPs), for up to a maximum of sixteen hours per day, including:
a. An approved WorkFirst activity under WAC 388-310-0200, with the following exception: In-home/relative providers who are paid child care subsidies to care for children receiving WCCC benefits may not receive those benefits for their own children during the hours in which they provide subsidized child care. These consumers may be eligible for other approved activities in their IRPs;
b. Employment as defined in WAC 110-15-0003;
c. Self-employment as defined in WAC 110-15-0003 and as described in the consumer's current WorkFirst IRP;
d. Travel time between the child care location and the consumer’s place of employment or approved activity;
e. Up to ten hours per week of study time for approved classes;
f. Up to eight hours of sleep time before or after a night shift; and
g. Any activity approved by tribal TANF.
2. WorkFirst consumers participating in approved activities for at least one hundred ten hours per month as described in WAC 110-15-0190 are considered to have a schedule of Monday through Friday, 8:00 a.m. to 5:00 p.m., except when:
a. The consumer’s IRP specifies a different schedule; or
b. Verified differently by the consumer.
WAC 110-15-0045 – Approved activities for applicants and consumers not participating in WorkFirst, states:
1. Applicants and consumers not participating in WorkFirst activities may be eligible for WCCC benefits for the following approved activities:
a. Employment;
b. Self-employment;
c. Supplemental nutrition assistance program employment and training (SNAP E&T); or
d. The following education programs:
i. High school or working towards a high school equivalency certificate for consumers under 22 years of age;
ii. Part-time enrollment in a vocational education, adult basic education (ABE), high school equivalency certificate for consumers 22 years of age and older, or English as a second language (ESL) program combined with an average of 20 or more employment hours per week or 16 more work-study hours per week; or
iii. For full-time students of a community, technical, or tribal college, enrollment in:
A. A vocational education program that leads to a degree or certificate in a specific occupation;
B. An associate degree program; or
C. A registered apprenticeship program.
iv. “Full-time student” for the purpose of this subsection means a consumer attends a community, technical, or tribal college and meets its definition of full-time student.
(e) Applicants and consumers who meet the requirements of (c) of this subsection are eligible to receive subsidy payment for up to 10 hours per week of study time for approved classes.
2.Applicants and consumers who are eligible for WCCC benefits under the terms of this section are eligible to receive subsidy payment for:
a. Transportation time between the child care location and the consumer’s place of employment or approved activity; and Up to eight hours of sleep time before or after a night shift.
2023-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-042
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort, and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort, and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2022-042, 2021-036, and 2020-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort, and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort, and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort, and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system, and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort, and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-061 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-043
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)):
• Discretionary Funds must be obligated by the end of the succeeding fiscal year after award and expended by the end of the third fiscal year after award.
• Mandatory Funds must be obligated by the end of the fiscal year in which they are awarded if the state also requests Matching Funds. If no Matching Funds are requested for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching Funds must be obligated by the end of the fiscal year in which they are awarded and liquidated by the end of the succeeding fiscal year after award.
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security (CARES) and the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2022-043, 2021-037, and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.66 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii) Mandatory Funds for States that do not request Matching Funds are available until expended.
(3) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-062 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Service
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-044
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures and could not test whether the reports were accurate and complete. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of childcare expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendations
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the number of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure childcare payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-063 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Child Care and Development Fund.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families (Department) administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. The Department subawards federal funds to the program’s only subrecipient, Washington State Child Care Resources – Child Care Aware. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding, including about $17.8 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made a subaward or subaward amendment. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
Each month, a designated employee uses the Contracts and Procurement System to run a report to view open federal grants. The Department uses this system to manage all early learning contracts, both for contractors and subrecipients. Once the preparer has obtained the grant information, they enter all eligible subawards for the reporting month, including all the subaward key elements into FSRS. Before submitting the report, a designated manager reviews and approves it. There were 12 CCDF subawards and amendments that were required to be reported in fiscal year 2023, totaling $20.2 million.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the CCDF program.
During the audit period, the Department was required to report about $20.2 million of program funds that it awarded to its subrecipient through 12 new and amended subawards. We examined all 12 subawards and found that nine (75 percent), totaling $1.6 million, were not reported in FSRS.
Additionally, for the three reports that were filed, we found that two (16.7 percent) misreported the subaward amount. Specifically, one subaward amount was overstated, and the other subaward amount was understated. The total amount under/overreported was $41,480.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department has written procedures in place to ensure the required reports are submitted, but staff did not file all of them during the audit period. Additionally, management did not review the reports before or after submitting them to ensure they were accurate and complete.
Effect of Condition
Filing inaccurate reports or failing to submit them when required diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports
• Follow its own policies and procedures for filing required reports
• Ensure management monitors to ensure future reports required by the Act are submitted accurately and completely
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department experienced a high level of staff turnover and vacancy rates resulting in missed and inaccurate Federal Funding Accountability and Transparency Act reporting. The Department is committed to strengthening internal controls and complying with federal requirements and will review written policies and procedures with cost allocation and grant management staff.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.)
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-064 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-045
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent about $547.2 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require non–relative FFN providers to complete health and safety training within 90 days of their subsidy payment start date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for non-relative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and conducts the ongoing training requirements with the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the eight prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015–024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,358 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 14 instances (24 percent) where providers did not receive their required annual monitoring visit. Of the remaining 45 providers that did receive a monitoring visit, we identified 13 instances (29 percent) where the licensor did not conduct the appropriate follow-up visit on noncompliance issues.
Non-relative FFN provider initial training
The Department was not able to identify complete populations of FFN providers for the purposes of our initial training testing. We randomly selected 21 out of 197 FFN providers that Department officials said were required to complete initial training. Of those reviewed, we determined nine of the providers did not meet the criteria for testing because they were not subject to initial training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
Non-relative FFN provider ongoing training and annual technical visits
The Department was not able to identify complete populations of FFN providers for the purposes of our ongoing training and technical visit testing. We randomly selected 11 out of 53 FFN providers that Department officials said were required to complete ongoing training and have a technical visit. Of those reviewed, we determined one of the providers did not meet the criteria for testing because they were not subject to ongoing training or annual technical visits since they were relative providers. Of the remaining providers that were applicable to our testing, we found one instance where the provider did not complete their technical visit, but they did receive ongoing training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 14 of the 59 monitoring visits we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring visits and follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
Management did not monitor sufficiently to ensure that staff completed technical visits. Further, due to system limitations, the Department did not effectively identify during the audit period which providers were subject to training and technical visit requirements.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not completing monitoring visits or following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements. Further, not following up on noncompliance violations in a timely manner can put children in jeopardy of harm, neglect, and unhealthy environments.
Non-relative FFN provider initial training, ongoing training, and technical visits
By not conducting all required technical visits, the Department did not have assurance that providers met health and safety requirements. System limitations and the inability to obtain a complete population for sampling and testing created a condition that prevented our Office from fully auditing the Department’s compliance with these requirements.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Ensure management follows established policies and procedures to ensure non-relative FFN providers complete their required initial training, ongoing training, and receive technical visits
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the Auditor’s specific findings, the Department concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
Due to the COVID-19 pandemic, the Department experienced a high level of child care licensor turnover. The Department focused available resources on assisting new and current providers to ensure access to child care for families, first responders, and health care workers. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all monitoring visits and was unable to send licensing staff to assist other offices with this work. Starting in fall 2022, the Department began work to recruit new staff and train them on child care licensing rules and regulations to address turnover; however, this effort takes time, due to the extensive training we give our staff. These efforts are demonstrating strong commitments to improvements in the health and safety compliance for child care providers. As of November 2023, the Department is on target for 100% compliance with monitoring visits even with a 4.1% increase in child care providers during federal fiscal year 2023.
As part of its quality improvement initiates, the Department has implementing data driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance. In addition, the Department has implemented new recruitment and training plans for child care licensors. In November 2022, the Department added a new position to assist supervisors with onboarding and training of all new staff hired. The Department concurs that health and safety monitoring visits were not properly completed during the audit period and is confident that corrective actions taken will improve this area moving forward. The Department is focusing resources to strengthening internal controls around all health and safety requirements.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
The Department tracks health and safety requirements for FFN providers using the limited tools and fields currently available in WA Compass. The WA Compass system was implemented for licensed child care providers and has not been fully developed for the FFN provider type. The State Auditor’s Office requested data from the WA Compass system for their audit testing in a format the system does not currently support. Due to the fluid nature of the FFN providers, and their payment start dates, the Department was unable to pull data that reflected only providers with open authorizations during the audit period. Further, WA Compass does not currently include all health and safety requirements for FFN providers. The Department has dedicated staff resources to update WA Compass to include all health and safety requirements for FFNs and address data format issues. Staff will continue to track and monitor FFN health and safety requirements with available tools until all system development is completed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1.A provider described in WAC 110-16-0015(4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015(4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015(4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
c. Prevention and control of infectious diseases;
d. Emergency preparedness and response planning for natural disasters and human-caused events;
e. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
f. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
(1) A provider described in WAC 110-16-0015(4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
(2) The purpose of the visit is to:
(a) Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
(b) Observe the provider’s interactions with the child, and discuss health and safety practices;
(c) Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
(d) Provide regional contact information for FFN child care services and resources.
(3) A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
(4) At the annual, scheduled visit, the provider must show, unless previously provided to the department:
(a) Proof of identity;
(b) Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
(c) Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
(d) Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
(e) The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2023-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $356,042,172
Prior Year Audit Finding: Yes, Finding 2022-041
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2023, the Department spent more than $356 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes, and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple CCDF federal grant awards, and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2022-041, 2021-033, 2020-038, 2019-035, 2018–034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8–13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments with federal CCDF funds in the audit period was $356,042,172. The Department also partially funded these payments with an additional $48,941,302 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $356,042,172 in federal program costs the Department incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with client eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-036
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2023, the Department spent more than $356 million in CCDF and $107.3 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of
July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60 percent of the state median income at application or 65 percent of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and hourly wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a client is eligible for one year unless a change in income causes the client to exceed 65 percent of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 11 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over and did not comply with client eligibility requirements for CCDF and TANF.
During the audit period, the Department determined 61,140 children were eligible for child care. We used a statistical sampling method to randomly select and examine 59 of these determinations. In three instances (5.1 percent), we found the Department made eligibility determinations improperly, or did not verify information before authorizing services. Specifically, we found:
• One case (1.7 percent) where the Department had incorrectly determined household composition and did not obtain sufficient data for all parents in the household to make an accurate eligibility determination.
• Two cases (3.4 percent) where the Department did not follow procedure for verifying the approved activity, which led to an incorrect eligibility determination.
Though the Department has established internal controls, they were insufficient for ensuring material compliance with client eligibility requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department staff made eligibility determinations without obtaining sufficient supporting documentation to ensure households were eligible to receive assistance. This deviated from the standard policies and procedures the Department has established, and management did not monitor sufficiently to ensure staff made proper eligibility determinations.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendations
We recommend the Department improve its internal controls over determining client eligibility to ensure it:
• Reviews eligibility determinations sufficiently to detect improper eligibility determinations
• Reviews sufficient support for household composition information for accuracy
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective. Further, we appreciate SAO’s work with us over the several past years to strengthen internal controls for eligibility through the auditing process. The Statewide Single Audit (SWSA) is an important tool in the Department’s continuous quality improvement efforts and together with the Department’s internal controls has helped reduce the audit exceptions to three with zero questioned costs.
The Department continues to access data across available state systems to confirm information, including household composition provided by clients. Unfortunately, there is no household composition verification system, and information provided to other state agencies is often provided by client self-attestation. The Department continues to balance verification requirements with providing timely benefit decisions to support family access to high quality child care. Additionally, the Department is being intentional in updating our learning resources for eligibility staff. Information from this and future audits will be used to update training. The Department will continue our internal control and quality improvement efforts and activities to build and maintain our eligibility case accuracy.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code (WAC) 110-15-0015 – Determining family size, states in part:
1. DCYF determines a consumer’s family size as follows:
a. For a single parent, including a minor parent living independently, DCYF counts the consumer and the consumer’s children;
b. For unmarried parents who have at least one mutual child, DCYF counts both parents and all of their children living in the household;
c. Unmarried parents who have no mutual children are counted as separate WCCC households, the unmarried parents and their respective children living in the household;
d. For married parents, DCYF counts both parents and all of their children living in the household;
e. For parents who are undocumented aliens as defined in WAC 388-424-0001, DCYF counts the parents and children, documented and undocumented, and all other family rules in this section apply. Children needing care must meet citizenship requirements described in WAC 110-15-0005;
f. For a legal guardian verified by a legal or court document, adult sibling or step-sibling, nephew, niece, aunt, uncle, grandparent, any of these relatives with the prefix “great,” such as a “great-nephew,” or an in loco parentis custodian who is not related to the child as described in WAC 110-15-0005, DCYF counts only the children and only the children’s income is counted;
g. For a parent who is out of the household because of employer requirements, such as training or military service, and expected to return to the household, DCYF counts the consumer, the absent parent, and the children;
h. For a parent who is voluntarily out of the household for reasons other than requirements of the employer, such as unapproved schooling and visiting family members, and is expected to return to the household, DCYF counts the consumer, the absent parent, and the children. WAC 110-15-0020 and all other family and household rules in this section apply;
i. For a parent who is out of the country and waiting for legal reentry in to the United States, DCYF counts only the consumer and children residing in the United States and all other family and household rules in this section apply;
j. An incarcerated parent is not part of the household count for determining income and eligibility. DCYF counts the remaining household members using all other family rules in this section; and
k. For a parent incarcerated at a Washington state correctional facility whose child lives with them at the facility, DCYF counts the parent and child as their own household.
2. When the household consists of the consumer’s own child and another child identified in subsection (1)(f) of this section, the household may be combined into one household or kept as distinct households for the benefit of the consumer.
WAC 110-15-0040 – Approved activities for applicants and consumers participating in WorkFirst, states:
1. Applicants and consumers who participate in WorkFirst activities may be eligible for WCCC benefits for the following approved activities in their individual responsibility plans (IRPs), for up to a maximum of sixteen hours per day, including:
a. An approved WorkFirst activity under WAC 388-310-0200, with the following exception: In-home/relative providers who are paid child care subsidies to care for children receiving WCCC benefits may not receive those benefits for their own children during the hours in which they provide subsidized child care. These consumers may be eligible for other approved activities in their IRPs;
b. Employment as defined in WAC 110-15-0003;
c. Self-employment as defined in WAC 110-15-0003 and as described in the consumer's current WorkFirst IRP;
d. Travel time between the child care location and the consumer’s place of employment or approved activity;
e. Up to ten hours per week of study time for approved classes;
f. Up to eight hours of sleep time before or after a night shift; and
g. Any activity approved by tribal TANF.
2. WorkFirst consumers participating in approved activities for at least one hundred ten hours per month as described in WAC 110-15-0190 are considered to have a schedule of Monday through Friday, 8:00 a.m. to 5:00 p.m., except when:
a. The consumer’s IRP specifies a different schedule; or
b. Verified differently by the consumer.
WAC 110-15-0045 – Approved activities for applicants and consumers not participating in WorkFirst, states:
1. Applicants and consumers not participating in WorkFirst activities may be eligible for WCCC benefits for the following approved activities:
a. Employment;
b. Self-employment;
c. Supplemental nutrition assistance program employment and training (SNAP E&T); or
d. The following education programs:
i. High school or working towards a high school equivalency certificate for consumers under 22 years of age;
ii. Part-time enrollment in a vocational education, adult basic education (ABE), high school equivalency certificate for consumers 22 years of age and older, or English as a second language (ESL) program combined with an average of 20 or more employment hours per week or 16 more work-study hours per week; or
iii. For full-time students of a community, technical, or tribal college, enrollment in:
A. A vocational education program that leads to a degree or certificate in a specific occupation;
B. An associate degree program; or
C. A registered apprenticeship program.
iv. “Full-time student” for the purpose of this subsection means a consumer attends a community, technical, or tribal college and meets its definition of full-time student.
(e) Applicants and consumers who meet the requirements of (c) of this subsection are eligible to receive subsidy payment for up to 10 hours per week of study time for approved classes.
2.Applicants and consumers who are eligible for WCCC benefits under the terms of this section are eligible to receive subsidy payment for:
a. Transportation time between the child care location and the consumer’s place of employment or approved activity; and Up to eight hours of sleep time before or after a night shift.
2023-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-042
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort, and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort, and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2022-042, 2021-036, and 2020-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort, and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort, and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort, and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system, and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort, and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-061 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-043
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)):
• Discretionary Funds must be obligated by the end of the succeeding fiscal year after award and expended by the end of the third fiscal year after award.
• Mandatory Funds must be obligated by the end of the fiscal year in which they are awarded if the state also requests Matching Funds. If no Matching Funds are requested for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching Funds must be obligated by the end of the fiscal year in which they are awarded and liquidated by the end of the succeeding fiscal year after award.
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security (CARES) and the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2022-043, 2021-037, and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.66 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii) Mandatory Funds for States that do not request Matching Funds are available until expended.
(3) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-062 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Service
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-044
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures and could not test whether the reports were accurate and complete. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of childcare expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendations
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the number of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure childcare payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-063 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Child Care and Development Fund.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families (Department) administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. The Department subawards federal funds to the program’s only subrecipient, Washington State Child Care Resources – Child Care Aware. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding, including about $17.8 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made a subaward or subaward amendment. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
Each month, a designated employee uses the Contracts and Procurement System to run a report to view open federal grants. The Department uses this system to manage all early learning contracts, both for contractors and subrecipients. Once the preparer has obtained the grant information, they enter all eligible subawards for the reporting month, including all the subaward key elements into FSRS. Before submitting the report, a designated manager reviews and approves it. There were 12 CCDF subawards and amendments that were required to be reported in fiscal year 2023, totaling $20.2 million.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the CCDF program.
During the audit period, the Department was required to report about $20.2 million of program funds that it awarded to its subrecipient through 12 new and amended subawards. We examined all 12 subawards and found that nine (75 percent), totaling $1.6 million, were not reported in FSRS.
Additionally, for the three reports that were filed, we found that two (16.7 percent) misreported the subaward amount. Specifically, one subaward amount was overstated, and the other subaward amount was understated. The total amount under/overreported was $41,480.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department has written procedures in place to ensure the required reports are submitted, but staff did not file all of them during the audit period. Additionally, management did not review the reports before or after submitting them to ensure they were accurate and complete.
Effect of Condition
Filing inaccurate reports or failing to submit them when required diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports
• Follow its own policies and procedures for filing required reports
• Ensure management monitors to ensure future reports required by the Act are submitted accurately and completely
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department experienced a high level of staff turnover and vacancy rates resulting in missed and inaccurate Federal Funding Accountability and Transparency Act reporting. The Department is committed to strengthening internal controls and complying with federal requirements and will review written policies and procedures with cost allocation and grant management staff.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.)
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-064 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-045
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent about $547.2 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require non–relative FFN providers to complete health and safety training within 90 days of their subsidy payment start date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for non-relative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and conducts the ongoing training requirements with the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the eight prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015–024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,358 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 14 instances (24 percent) where providers did not receive their required annual monitoring visit. Of the remaining 45 providers that did receive a monitoring visit, we identified 13 instances (29 percent) where the licensor did not conduct the appropriate follow-up visit on noncompliance issues.
Non-relative FFN provider initial training
The Department was not able to identify complete populations of FFN providers for the purposes of our initial training testing. We randomly selected 21 out of 197 FFN providers that Department officials said were required to complete initial training. Of those reviewed, we determined nine of the providers did not meet the criteria for testing because they were not subject to initial training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
Non-relative FFN provider ongoing training and annual technical visits
The Department was not able to identify complete populations of FFN providers for the purposes of our ongoing training and technical visit testing. We randomly selected 11 out of 53 FFN providers that Department officials said were required to complete ongoing training and have a technical visit. Of those reviewed, we determined one of the providers did not meet the criteria for testing because they were not subject to ongoing training or annual technical visits since they were relative providers. Of the remaining providers that were applicable to our testing, we found one instance where the provider did not complete their technical visit, but they did receive ongoing training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 14 of the 59 monitoring visits we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring visits and follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
Management did not monitor sufficiently to ensure that staff completed technical visits. Further, due to system limitations, the Department did not effectively identify during the audit period which providers were subject to training and technical visit requirements.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not completing monitoring visits or following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements. Further, not following up on noncompliance violations in a timely manner can put children in jeopardy of harm, neglect, and unhealthy environments.
Non-relative FFN provider initial training, ongoing training, and technical visits
By not conducting all required technical visits, the Department did not have assurance that providers met health and safety requirements. System limitations and the inability to obtain a complete population for sampling and testing created a condition that prevented our Office from fully auditing the Department’s compliance with these requirements.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Ensure management follows established policies and procedures to ensure non-relative FFN providers complete their required initial training, ongoing training, and receive technical visits
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the Auditor’s specific findings, the Department concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
Due to the COVID-19 pandemic, the Department experienced a high level of child care licensor turnover. The Department focused available resources on assisting new and current providers to ensure access to child care for families, first responders, and health care workers. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all monitoring visits and was unable to send licensing staff to assist other offices with this work. Starting in fall 2022, the Department began work to recruit new staff and train them on child care licensing rules and regulations to address turnover; however, this effort takes time, due to the extensive training we give our staff. These efforts are demonstrating strong commitments to improvements in the health and safety compliance for child care providers. As of November 2023, the Department is on target for 100% compliance with monitoring visits even with a 4.1% increase in child care providers during federal fiscal year 2023.
As part of its quality improvement initiates, the Department has implementing data driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance. In addition, the Department has implemented new recruitment and training plans for child care licensors. In November 2022, the Department added a new position to assist supervisors with onboarding and training of all new staff hired. The Department concurs that health and safety monitoring visits were not properly completed during the audit period and is confident that corrective actions taken will improve this area moving forward. The Department is focusing resources to strengthening internal controls around all health and safety requirements.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
The Department tracks health and safety requirements for FFN providers using the limited tools and fields currently available in WA Compass. The WA Compass system was implemented for licensed child care providers and has not been fully developed for the FFN provider type. The State Auditor’s Office requested data from the WA Compass system for their audit testing in a format the system does not currently support. Due to the fluid nature of the FFN providers, and their payment start dates, the Department was unable to pull data that reflected only providers with open authorizations during the audit period. Further, WA Compass does not currently include all health and safety requirements for FFN providers. The Department has dedicated staff resources to update WA Compass to include all health and safety requirements for FFNs and address data format issues. Staff will continue to track and monitor FFN health and safety requirements with available tools until all system development is completed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1.A provider described in WAC 110-16-0015(4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015(4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015(4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
c. Prevention and control of infectious diseases;
d. Emergency preparedness and response planning for natural disasters and human-caused events;
e. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
f. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
(1) A provider described in WAC 110-16-0015(4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
(2) The purpose of the visit is to:
(a) Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
(b) Observe the provider’s interactions with the child, and discuss health and safety practices;
(c) Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
(d) Provide regional contact information for FFN child care services and resources.
(3) A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
(4) At the annual, scheduled visit, the provider must show, unless previously provided to the department:
(a) Proof of identity;
(b) Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
(c) Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
(d) Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
(e) The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2023-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $356,042,172
Prior Year Audit Finding: Yes, Finding 2022-041
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2023, the Department spent more than $356 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes, and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple CCDF federal grant awards, and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2022-041, 2021-033, 2020-038, 2019-035, 2018–034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8–13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments with federal CCDF funds in the audit period was $356,042,172. The Department also partially funded these payments with an additional $48,941,302 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $356,042,172 in federal program costs the Department incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with client eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-036
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2023, the Department spent more than $356 million in CCDF and $107.3 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of
July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60 percent of the state median income at application or 65 percent of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and hourly wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a client is eligible for one year unless a change in income causes the client to exceed 65 percent of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 11 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over and did not comply with client eligibility requirements for CCDF and TANF.
During the audit period, the Department determined 61,140 children were eligible for child care. We used a statistical sampling method to randomly select and examine 59 of these determinations. In three instances (5.1 percent), we found the Department made eligibility determinations improperly, or did not verify information before authorizing services. Specifically, we found:
• One case (1.7 percent) where the Department had incorrectly determined household composition and did not obtain sufficient data for all parents in the household to make an accurate eligibility determination.
• Two cases (3.4 percent) where the Department did not follow procedure for verifying the approved activity, which led to an incorrect eligibility determination.
Though the Department has established internal controls, they were insufficient for ensuring material compliance with client eligibility requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department staff made eligibility determinations without obtaining sufficient supporting documentation to ensure households were eligible to receive assistance. This deviated from the standard policies and procedures the Department has established, and management did not monitor sufficiently to ensure staff made proper eligibility determinations.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendations
We recommend the Department improve its internal controls over determining client eligibility to ensure it:
• Reviews eligibility determinations sufficiently to detect improper eligibility determinations
• Reviews sufficient support for household composition information for accuracy
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective. Further, we appreciate SAO’s work with us over the several past years to strengthen internal controls for eligibility through the auditing process. The Statewide Single Audit (SWSA) is an important tool in the Department’s continuous quality improvement efforts and together with the Department’s internal controls has helped reduce the audit exceptions to three with zero questioned costs.
The Department continues to access data across available state systems to confirm information, including household composition provided by clients. Unfortunately, there is no household composition verification system, and information provided to other state agencies is often provided by client self-attestation. The Department continues to balance verification requirements with providing timely benefit decisions to support family access to high quality child care. Additionally, the Department is being intentional in updating our learning resources for eligibility staff. Information from this and future audits will be used to update training. The Department will continue our internal control and quality improvement efforts and activities to build and maintain our eligibility case accuracy.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code (WAC) 110-15-0015 – Determining family size, states in part:
1. DCYF determines a consumer’s family size as follows:
a. For a single parent, including a minor parent living independently, DCYF counts the consumer and the consumer’s children;
b. For unmarried parents who have at least one mutual child, DCYF counts both parents and all of their children living in the household;
c. Unmarried parents who have no mutual children are counted as separate WCCC households, the unmarried parents and their respective children living in the household;
d. For married parents, DCYF counts both parents and all of their children living in the household;
e. For parents who are undocumented aliens as defined in WAC 388-424-0001, DCYF counts the parents and children, documented and undocumented, and all other family rules in this section apply. Children needing care must meet citizenship requirements described in WAC 110-15-0005;
f. For a legal guardian verified by a legal or court document, adult sibling or step-sibling, nephew, niece, aunt, uncle, grandparent, any of these relatives with the prefix “great,” such as a “great-nephew,” or an in loco parentis custodian who is not related to the child as described in WAC 110-15-0005, DCYF counts only the children and only the children’s income is counted;
g. For a parent who is out of the household because of employer requirements, such as training or military service, and expected to return to the household, DCYF counts the consumer, the absent parent, and the children;
h. For a parent who is voluntarily out of the household for reasons other than requirements of the employer, such as unapproved schooling and visiting family members, and is expected to return to the household, DCYF counts the consumer, the absent parent, and the children. WAC 110-15-0020 and all other family and household rules in this section apply;
i. For a parent who is out of the country and waiting for legal reentry in to the United States, DCYF counts only the consumer and children residing in the United States and all other family and household rules in this section apply;
j. An incarcerated parent is not part of the household count for determining income and eligibility. DCYF counts the remaining household members using all other family rules in this section; and
k. For a parent incarcerated at a Washington state correctional facility whose child lives with them at the facility, DCYF counts the parent and child as their own household.
2. When the household consists of the consumer’s own child and another child identified in subsection (1)(f) of this section, the household may be combined into one household or kept as distinct households for the benefit of the consumer.
WAC 110-15-0040 – Approved activities for applicants and consumers participating in WorkFirst, states:
1. Applicants and consumers who participate in WorkFirst activities may be eligible for WCCC benefits for the following approved activities in their individual responsibility plans (IRPs), for up to a maximum of sixteen hours per day, including:
a. An approved WorkFirst activity under WAC 388-310-0200, with the following exception: In-home/relative providers who are paid child care subsidies to care for children receiving WCCC benefits may not receive those benefits for their own children during the hours in which they provide subsidized child care. These consumers may be eligible for other approved activities in their IRPs;
b. Employment as defined in WAC 110-15-0003;
c. Self-employment as defined in WAC 110-15-0003 and as described in the consumer's current WorkFirst IRP;
d. Travel time between the child care location and the consumer’s place of employment or approved activity;
e. Up to ten hours per week of study time for approved classes;
f. Up to eight hours of sleep time before or after a night shift; and
g. Any activity approved by tribal TANF.
2. WorkFirst consumers participating in approved activities for at least one hundred ten hours per month as described in WAC 110-15-0190 are considered to have a schedule of Monday through Friday, 8:00 a.m. to 5:00 p.m., except when:
a. The consumer’s IRP specifies a different schedule; or
b. Verified differently by the consumer.
WAC 110-15-0045 – Approved activities for applicants and consumers not participating in WorkFirst, states:
1. Applicants and consumers not participating in WorkFirst activities may be eligible for WCCC benefits for the following approved activities:
a. Employment;
b. Self-employment;
c. Supplemental nutrition assistance program employment and training (SNAP E&T); or
d. The following education programs:
i. High school or working towards a high school equivalency certificate for consumers under 22 years of age;
ii. Part-time enrollment in a vocational education, adult basic education (ABE), high school equivalency certificate for consumers 22 years of age and older, or English as a second language (ESL) program combined with an average of 20 or more employment hours per week or 16 more work-study hours per week; or
iii. For full-time students of a community, technical, or tribal college, enrollment in:
A. A vocational education program that leads to a degree or certificate in a specific occupation;
B. An associate degree program; or
C. A registered apprenticeship program.
iv. “Full-time student” for the purpose of this subsection means a consumer attends a community, technical, or tribal college and meets its definition of full-time student.
(e) Applicants and consumers who meet the requirements of (c) of this subsection are eligible to receive subsidy payment for up to 10 hours per week of study time for approved classes.
2.Applicants and consumers who are eligible for WCCC benefits under the terms of this section are eligible to receive subsidy payment for:
a. Transportation time between the child care location and the consumer’s place of employment or approved activity; and Up to eight hours of sleep time before or after a night shift.
2023-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-042
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort, and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort, and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2022-042, 2021-036, and 2020-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort, and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort, and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort, and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system, and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort, and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-061 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-043
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)):
• Discretionary Funds must be obligated by the end of the succeeding fiscal year after award and expended by the end of the third fiscal year after award.
• Mandatory Funds must be obligated by the end of the fiscal year in which they are awarded if the state also requests Matching Funds. If no Matching Funds are requested for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching Funds must be obligated by the end of the fiscal year in which they are awarded and liquidated by the end of the succeeding fiscal year after award.
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security (CARES) and the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2022-043, 2021-037, and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.66 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii) Mandatory Funds for States that do not request Matching Funds are available until expended.
(3) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-062 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Service
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-044
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures and could not test whether the reports were accurate and complete. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of childcare expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendations
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the number of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure childcare payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-063 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Child Care and Development Fund.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families (Department) administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. The Department subawards federal funds to the program’s only subrecipient, Washington State Child Care Resources – Child Care Aware. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding, including about $17.8 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made a subaward or subaward amendment. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
Each month, a designated employee uses the Contracts and Procurement System to run a report to view open federal grants. The Department uses this system to manage all early learning contracts, both for contractors and subrecipients. Once the preparer has obtained the grant information, they enter all eligible subawards for the reporting month, including all the subaward key elements into FSRS. Before submitting the report, a designated manager reviews and approves it. There were 12 CCDF subawards and amendments that were required to be reported in fiscal year 2023, totaling $20.2 million.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the CCDF program.
During the audit period, the Department was required to report about $20.2 million of program funds that it awarded to its subrecipient through 12 new and amended subawards. We examined all 12 subawards and found that nine (75 percent), totaling $1.6 million, were not reported in FSRS.
Additionally, for the three reports that were filed, we found that two (16.7 percent) misreported the subaward amount. Specifically, one subaward amount was overstated, and the other subaward amount was understated. The total amount under/overreported was $41,480.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department has written procedures in place to ensure the required reports are submitted, but staff did not file all of them during the audit period. Additionally, management did not review the reports before or after submitting them to ensure they were accurate and complete.
Effect of Condition
Filing inaccurate reports or failing to submit them when required diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports
• Follow its own policies and procedures for filing required reports
• Ensure management monitors to ensure future reports required by the Act are submitted accurately and completely
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department experienced a high level of staff turnover and vacancy rates resulting in missed and inaccurate Federal Funding Accountability and Transparency Act reporting. The Department is committed to strengthening internal controls and complying with federal requirements and will review written policies and procedures with cost allocation and grant management staff.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.)
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-064 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-045
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent about $547.2 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require non–relative FFN providers to complete health and safety training within 90 days of their subsidy payment start date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for non-relative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and conducts the ongoing training requirements with the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the eight prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015–024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,358 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 14 instances (24 percent) where providers did not receive their required annual monitoring visit. Of the remaining 45 providers that did receive a monitoring visit, we identified 13 instances (29 percent) where the licensor did not conduct the appropriate follow-up visit on noncompliance issues.
Non-relative FFN provider initial training
The Department was not able to identify complete populations of FFN providers for the purposes of our initial training testing. We randomly selected 21 out of 197 FFN providers that Department officials said were required to complete initial training. Of those reviewed, we determined nine of the providers did not meet the criteria for testing because they were not subject to initial training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
Non-relative FFN provider ongoing training and annual technical visits
The Department was not able to identify complete populations of FFN providers for the purposes of our ongoing training and technical visit testing. We randomly selected 11 out of 53 FFN providers that Department officials said were required to complete ongoing training and have a technical visit. Of those reviewed, we determined one of the providers did not meet the criteria for testing because they were not subject to ongoing training or annual technical visits since they were relative providers. Of the remaining providers that were applicable to our testing, we found one instance where the provider did not complete their technical visit, but they did receive ongoing training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 14 of the 59 monitoring visits we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring visits and follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
Management did not monitor sufficiently to ensure that staff completed technical visits. Further, due to system limitations, the Department did not effectively identify during the audit period which providers were subject to training and technical visit requirements.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not completing monitoring visits or following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements. Further, not following up on noncompliance violations in a timely manner can put children in jeopardy of harm, neglect, and unhealthy environments.
Non-relative FFN provider initial training, ongoing training, and technical visits
By not conducting all required technical visits, the Department did not have assurance that providers met health and safety requirements. System limitations and the inability to obtain a complete population for sampling and testing created a condition that prevented our Office from fully auditing the Department’s compliance with these requirements.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Ensure management follows established policies and procedures to ensure non-relative FFN providers complete their required initial training, ongoing training, and receive technical visits
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the Auditor’s specific findings, the Department concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
Due to the COVID-19 pandemic, the Department experienced a high level of child care licensor turnover. The Department focused available resources on assisting new and current providers to ensure access to child care for families, first responders, and health care workers. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all monitoring visits and was unable to send licensing staff to assist other offices with this work. Starting in fall 2022, the Department began work to recruit new staff and train them on child care licensing rules and regulations to address turnover; however, this effort takes time, due to the extensive training we give our staff. These efforts are demonstrating strong commitments to improvements in the health and safety compliance for child care providers. As of November 2023, the Department is on target for 100% compliance with monitoring visits even with a 4.1% increase in child care providers during federal fiscal year 2023.
As part of its quality improvement initiates, the Department has implementing data driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance. In addition, the Department has implemented new recruitment and training plans for child care licensors. In November 2022, the Department added a new position to assist supervisors with onboarding and training of all new staff hired. The Department concurs that health and safety monitoring visits were not properly completed during the audit period and is confident that corrective actions taken will improve this area moving forward. The Department is focusing resources to strengthening internal controls around all health and safety requirements.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
The Department tracks health and safety requirements for FFN providers using the limited tools and fields currently available in WA Compass. The WA Compass system was implemented for licensed child care providers and has not been fully developed for the FFN provider type. The State Auditor’s Office requested data from the WA Compass system for their audit testing in a format the system does not currently support. Due to the fluid nature of the FFN providers, and their payment start dates, the Department was unable to pull data that reflected only providers with open authorizations during the audit period. Further, WA Compass does not currently include all health and safety requirements for FFN providers. The Department has dedicated staff resources to update WA Compass to include all health and safety requirements for FFNs and address data format issues. Staff will continue to track and monitor FFN health and safety requirements with available tools until all system development is completed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1.A provider described in WAC 110-16-0015(4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015(4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015(4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
c. Prevention and control of infectious diseases;
d. Emergency preparedness and response planning for natural disasters and human-caused events;
e. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
f. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
(1) A provider described in WAC 110-16-0015(4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
(2) The purpose of the visit is to:
(a) Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
(b) Observe the provider’s interactions with the child, and discuss health and safety practices;
(c) Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
(d) Provide regional contact information for FFN child care services and resources.
(3) A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
(4) At the annual, scheduled visit, the provider must show, unless previously provided to the department:
(a) Proof of identity;
(b) Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
(c) Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
(d) Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
(e) The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2023-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $356,042,172
Prior Year Audit Finding: Yes, Finding 2022-041
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2023, the Department spent more than $356 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes, and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources, based on the eligibility of the client. These funding sources include multiple federal programs, multiple CCDF federal grant awards, and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2022-041, 2021-033, 2020-038, 2019-035, 2018–034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8–13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments with federal CCDF funds in the audit period was $356,042,172. The Department also partially funded these payments with an additional $48,941,302 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $356,042,172 in federal program costs the Department incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with client eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2201WATANF; 2301WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-036
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2023, the Department spent more than $356 million in CCDF and $107.3 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of
July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60 percent of the state median income at application or 65 percent of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and hourly wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a client is eligible for one year unless a change in income causes the client to exceed 65 percent of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 11 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over and did not comply with client eligibility requirements for CCDF and TANF.
During the audit period, the Department determined 61,140 children were eligible for child care. We used a statistical sampling method to randomly select and examine 59 of these determinations. In three instances (5.1 percent), we found the Department made eligibility determinations improperly, or did not verify information before authorizing services. Specifically, we found:
• One case (1.7 percent) where the Department had incorrectly determined household composition and did not obtain sufficient data for all parents in the household to make an accurate eligibility determination.
• Two cases (3.4 percent) where the Department did not follow procedure for verifying the approved activity, which led to an incorrect eligibility determination.
Though the Department has established internal controls, they were insufficient for ensuring material compliance with client eligibility requirements.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department staff made eligibility determinations without obtaining sufficient supporting documentation to ensure households were eligible to receive assistance. This deviated from the standard policies and procedures the Department has established, and management did not monitor sufficiently to ensure staff made proper eligibility determinations.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendations
We recommend the Department improve its internal controls over determining client eligibility to ensure it:
• Reviews eligibility determinations sufficiently to detect improper eligibility determinations
• Reviews sufficient support for household composition information for accuracy
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective. Further, we appreciate SAO’s work with us over the several past years to strengthen internal controls for eligibility through the auditing process. The Statewide Single Audit (SWSA) is an important tool in the Department’s continuous quality improvement efforts and together with the Department’s internal controls has helped reduce the audit exceptions to three with zero questioned costs.
The Department continues to access data across available state systems to confirm information, including household composition provided by clients. Unfortunately, there is no household composition verification system, and information provided to other state agencies is often provided by client self-attestation. The Department continues to balance verification requirements with providing timely benefit decisions to support family access to high quality child care. Additionally, the Department is being intentional in updating our learning resources for eligibility staff. Information from this and future audits will be used to update training. The Department will continue our internal control and quality improvement efforts and activities to build and maintain our eligibility case accuracy.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code (WAC) 110-15-0015 – Determining family size, states in part:
1. DCYF determines a consumer’s family size as follows:
a. For a single parent, including a minor parent living independently, DCYF counts the consumer and the consumer’s children;
b. For unmarried parents who have at least one mutual child, DCYF counts both parents and all of their children living in the household;
c. Unmarried parents who have no mutual children are counted as separate WCCC households, the unmarried parents and their respective children living in the household;
d. For married parents, DCYF counts both parents and all of their children living in the household;
e. For parents who are undocumented aliens as defined in WAC 388-424-0001, DCYF counts the parents and children, documented and undocumented, and all other family rules in this section apply. Children needing care must meet citizenship requirements described in WAC 110-15-0005;
f. For a legal guardian verified by a legal or court document, adult sibling or step-sibling, nephew, niece, aunt, uncle, grandparent, any of these relatives with the prefix “great,” such as a “great-nephew,” or an in loco parentis custodian who is not related to the child as described in WAC 110-15-0005, DCYF counts only the children and only the children’s income is counted;
g. For a parent who is out of the household because of employer requirements, such as training or military service, and expected to return to the household, DCYF counts the consumer, the absent parent, and the children;
h. For a parent who is voluntarily out of the household for reasons other than requirements of the employer, such as unapproved schooling and visiting family members, and is expected to return to the household, DCYF counts the consumer, the absent parent, and the children. WAC 110-15-0020 and all other family and household rules in this section apply;
i. For a parent who is out of the country and waiting for legal reentry in to the United States, DCYF counts only the consumer and children residing in the United States and all other family and household rules in this section apply;
j. An incarcerated parent is not part of the household count for determining income and eligibility. DCYF counts the remaining household members using all other family rules in this section; and
k. For a parent incarcerated at a Washington state correctional facility whose child lives with them at the facility, DCYF counts the parent and child as their own household.
2. When the household consists of the consumer’s own child and another child identified in subsection (1)(f) of this section, the household may be combined into one household or kept as distinct households for the benefit of the consumer.
WAC 110-15-0040 – Approved activities for applicants and consumers participating in WorkFirst, states:
1. Applicants and consumers who participate in WorkFirst activities may be eligible for WCCC benefits for the following approved activities in their individual responsibility plans (IRPs), for up to a maximum of sixteen hours per day, including:
a. An approved WorkFirst activity under WAC 388-310-0200, with the following exception: In-home/relative providers who are paid child care subsidies to care for children receiving WCCC benefits may not receive those benefits for their own children during the hours in which they provide subsidized child care. These consumers may be eligible for other approved activities in their IRPs;
b. Employment as defined in WAC 110-15-0003;
c. Self-employment as defined in WAC 110-15-0003 and as described in the consumer's current WorkFirst IRP;
d. Travel time between the child care location and the consumer’s place of employment or approved activity;
e. Up to ten hours per week of study time for approved classes;
f. Up to eight hours of sleep time before or after a night shift; and
g. Any activity approved by tribal TANF.
2. WorkFirst consumers participating in approved activities for at least one hundred ten hours per month as described in WAC 110-15-0190 are considered to have a schedule of Monday through Friday, 8:00 a.m. to 5:00 p.m., except when:
a. The consumer’s IRP specifies a different schedule; or
b. Verified differently by the consumer.
WAC 110-15-0045 – Approved activities for applicants and consumers not participating in WorkFirst, states:
1. Applicants and consumers not participating in WorkFirst activities may be eligible for WCCC benefits for the following approved activities:
a. Employment;
b. Self-employment;
c. Supplemental nutrition assistance program employment and training (SNAP E&T); or
d. The following education programs:
i. High school or working towards a high school equivalency certificate for consumers under 22 years of age;
ii. Part-time enrollment in a vocational education, adult basic education (ABE), high school equivalency certificate for consumers 22 years of age and older, or English as a second language (ESL) program combined with an average of 20 or more employment hours per week or 16 more work-study hours per week; or
iii. For full-time students of a community, technical, or tribal college, enrollment in:
A. A vocational education program that leads to a degree or certificate in a specific occupation;
B. An associate degree program; or
C. A registered apprenticeship program.
iv. “Full-time student” for the purpose of this subsection means a consumer attends a community, technical, or tribal college and meets its definition of full-time student.
(e) Applicants and consumers who meet the requirements of (c) of this subsection are eligible to receive subsidy payment for up to 10 hours per week of study time for approved classes.
2.Applicants and consumers who are eligible for WCCC benefits under the terms of this section are eligible to receive subsidy payment for:
a. Transportation time between the child care location and the consumer’s place of employment or approved activity; and Up to eight hours of sleep time before or after a night shift.
2023-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-042
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort, and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort, and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2022-042, 2021-036, and 2020-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort, and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort, and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort, and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system, and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort, and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-061 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-043
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)):
• Discretionary Funds must be obligated by the end of the succeeding fiscal year after award and expended by the end of the third fiscal year after award.
• Mandatory Funds must be obligated by the end of the fiscal year in which they are awarded if the state also requests Matching Funds. If no Matching Funds are requested for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching Funds must be obligated by the end of the fiscal year in which they are awarded and liquidated by the end of the succeeding fiscal year after award.
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security (CARES) and the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2022-043, 2021-037, and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the amount of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.66 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii) Mandatory Funds for States that do not request Matching Funds are available until expended.
(3) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF
funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under
subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such
funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-062 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Service
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-044
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2023, the Department spent about $547.2 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures and could not test whether the reports were accurate and complete. This condition is also referenced in audit finding 2023-058.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of childcare expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with requirements in federal law to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendations
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department held an informal meeting on February 23, 2022, with HHS representative, the State Auditor’s Office and the Office of Financial Management. The intent was to obtain the grantor’s perspective in whether proper grant accounting required the use of child-level data. HHS stated they would not offer an opinion until they received the completed finding from the state.
However, the Cause of Condition of finding 2021-033 stated, “HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.” The Department does not agree with SAO’s interpretation of the meeting outcome.
In the area of CCDF eligibility, for state fiscal year 2021, the SAO also issued finding 2021-035, with questioned cost of $32 and in state fiscal year 2022, finding 2022-008 (temporary number) with no questioned costs. There were no other findings or exit items in the area of eligibility determination or the cost allocation of funds. Given that eligibility or cost allocation is not an area of concern and transfers were processed between CCDF source of funds with the same eligibility requirements, the Department is confident CCDF funding was spent appropriately within federal regulations.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The management decision letter also conveyed the following determination by HHS for finding 2021-035, 2020-039 on eligibility compliance:
“The ACF believes the corrective actions taken or planned, as stated above, should prevent recurrence of this finding in the future. In addition, we recognize the continuous progression of the State’s actions to fully resolve this finding as the number of error cases and the number of questioned costs have both significantly declined over the last 3 years. Therefore, the ACF will not pursue the questioned costs of $32 since the state has taken corrective actions that appear to have resulted in an amount of questioned costs that are immaterial.”
The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure childcare payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department has submitted a budget request for the 2024 supplemental budget. If the request is funded, it would allow adjustments to include child-level data.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the prior finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references are included in this finding.
In its response, the Department references previous findings related to the eligibility compliance requirement as a basis for asserting federal funds were spent properly. The requirements to determine whether a client is eligible to receive subsidized child care are different than the requirements to ensure the payments for those services are allowable, fall within each award’s period of performance and adequately supported. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
We disagree with the Department’s description of the meeting held with HHS program staff on November 8, 2023. The Department states HHS “upheld the above statements that the finding was not substantiated.” This is not accurate. During this meeting, HHS representatives conveyed the same message that they did in the management decision issued October 3, 2023. The finding was partially substantiated because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2022 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
Lastly, when the Washington State Legislature approved the Department’s 2023-25 biennial budget, it specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions.”
We reaffirm our finding and hope additional resources from the Legislature, to get down to child-level detail for all transactions, will resolve the auditing problems existing at the Department. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-063 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Child Care and Development Fund.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Children, Youth, and Families (Department) administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. The Department subawards federal funds to the program’s only subrecipient, Washington State Child Care Resources – Child Care Aware. In fiscal year 2023, the Department spent $547.2 million in CCDF federal funding, including about $17.8 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made a subaward or subaward amendment. The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
Each month, a designated employee uses the Contracts and Procurement System to run a report to view open federal grants. The Department uses this system to manage all early learning contracts, both for contractors and subrecipients. Once the preparer has obtained the grant information, they enter all eligible subawards for the reporting month, including all the subaward key elements into FSRS. Before submitting the report, a designated manager reviews and approves it. There were 12 CCDF subawards and amendments that were required to be reported in fiscal year 2023, totaling $20.2 million.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the CCDF program.
During the audit period, the Department was required to report about $20.2 million of program funds that it awarded to its subrecipient through 12 new and amended subawards. We examined all 12 subawards and found that nine (75 percent), totaling $1.6 million, were not reported in FSRS.
Additionally, for the three reports that were filed, we found that two (16.7 percent) misreported the subaward amount. Specifically, one subaward amount was overstated, and the other subaward amount was understated. The total amount under/overreported was $41,480.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department has written procedures in place to ensure the required reports are submitted, but staff did not file all of them during the audit period. Additionally, management did not review the reports before or after submitting them to ensure they were accurate and complete.
Effect of Condition
Filing inaccurate reports or failing to submit them when required diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports
• Follow its own policies and procedures for filing required reports
• Ensure management monitors to ensure future reports required by the Act are submitted accurately and completely
Department’s Response
The Department of Children, Youth, and Families appreciates, acknowledges, and supports the State Auditor’s Office’s (SAO) mission to provide citizens with independent and transparent examinations of how state and local governments use public funds, and develops strategies to make government more efficient and effective.
During the audit period, the Department experienced a high level of staff turnover and vacancy rates resulting in missed and inaccurate Federal Funding Accountability and Transparency Act reporting. The Department is committed to strengthening internal controls and complying with federal requirements and will review written policies and procedures with cost allocation and grant management staff.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.)
3.What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-064 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2203WACCDF; 2203WACCDD; 2303WACCDF; 2303WACCDD; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-045
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2023, the Department spent about $547.2 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require non–relative FFN providers to complete health and safety training within 90 days of their subsidy payment start date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for non-relative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and conducts the ongoing training requirements with the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the eight prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015–024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,358 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 14 instances (24 percent) where providers did not receive their required annual monitoring visit. Of the remaining 45 providers that did receive a monitoring visit, we identified 13 instances (29 percent) where the licensor did not conduct the appropriate follow-up visit on noncompliance issues.
Non-relative FFN provider initial training
The Department was not able to identify complete populations of FFN providers for the purposes of our initial training testing. We randomly selected 21 out of 197 FFN providers that Department officials said were required to complete initial training. Of those reviewed, we determined nine of the providers did not meet the criteria for testing because they were not subject to initial training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
Non-relative FFN provider ongoing training and annual technical visits
The Department was not able to identify complete populations of FFN providers for the purposes of our ongoing training and technical visit testing. We randomly selected 11 out of 53 FFN providers that Department officials said were required to complete ongoing training and have a technical visit. Of those reviewed, we determined one of the providers did not meet the criteria for testing because they were not subject to ongoing training or annual technical visits since they were relative providers. Of the remaining providers that were applicable to our testing, we found one instance where the provider did not complete their technical visit, but they did receive ongoing training. After testing, the Department acknowledged that it cannot identify complete populations due to system limitations.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 14 of the 59 monitoring visits we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring visits and follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
Management did not monitor sufficiently to ensure that staff completed technical visits. Further, due to system limitations, the Department did not effectively identify during the audit period which providers were subject to training and technical visit requirements.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not completing monitoring visits or following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements. Further, not following up on noncompliance violations in a timely manner can put children in jeopardy of harm, neglect, and unhealthy environments.
Non-relative FFN provider initial training, ongoing training, and technical visits
By not conducting all required technical visits, the Department did not have assurance that providers met health and safety requirements. System limitations and the inability to obtain a complete population for sampling and testing created a condition that prevented our Office from fully auditing the Department’s compliance with these requirements.
Recommendations
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Ensure management follows established policies and procedures to ensure non-relative FFN providers complete their required initial training, ongoing training, and receive technical visits
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the Auditor’s specific findings, the Department concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
Due to the COVID-19 pandemic, the Department experienced a high level of child care licensor turnover. The Department focused available resources on assisting new and current providers to ensure access to child care for families, first responders, and health care workers. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all monitoring visits and was unable to send licensing staff to assist other offices with this work. Starting in fall 2022, the Department began work to recruit new staff and train them on child care licensing rules and regulations to address turnover; however, this effort takes time, due to the extensive training we give our staff. These efforts are demonstrating strong commitments to improvements in the health and safety compliance for child care providers. As of November 2023, the Department is on target for 100% compliance with monitoring visits even with a 4.1% increase in child care providers during federal fiscal year 2023.
As part of its quality improvement initiates, the Department has implementing data driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance. In addition, the Department has implemented new recruitment and training plans for child care licensors. In November 2022, the Department added a new position to assist supervisors with onboarding and training of all new staff hired. The Department concurs that health and safety monitoring visits were not properly completed during the audit period and is confident that corrective actions taken will improve this area moving forward. The Department is focusing resources to strengthening internal controls around all health and safety requirements.
Non-relative FFN provider initial training, ongoing training, and annual technical visits
The Department tracks health and safety requirements for FFN providers using the limited tools and fields currently available in WA Compass. The WA Compass system was implemented for licensed child care providers and has not been fully developed for the FFN provider type. The State Auditor’s Office requested data from the WA Compass system for their audit testing in a format the system does not currently support. Due to the fluid nature of the FFN providers, and their payment start dates, the Department was unable to pull data that reflected only providers with open authorizations during the audit period. Further, WA Compass does not currently include all health and safety requirements for FFN providers. The Department has dedicated staff resources to update WA Compass to include all health and safety requirements for FFNs and address data format issues. Staff will continue to track and monitor FFN health and safety requirements with available tools until all system development is completed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1.A provider described in WAC 110-16-0015(4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015(4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015(4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
c. Prevention and control of infectious diseases;
d. Emergency preparedness and response planning for natural disasters and human-caused events;
e. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
f. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
(1) A provider described in WAC 110-16-0015(4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
(2) The purpose of the visit is to:
(a) Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
(b) Observe the provider’s interactions with the child, and discuss health and safety practices;
(c) Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
(d) Provide regional contact information for FFN child care services and resources.
(3) A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
(4) At the annual, scheduled visit, the provider must show, unless previously provided to the department:
(a) Proof of identity;
(b) Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
(c) Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
(d) Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
(e) The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
2023-073 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5021; 2305WA3002; 2305WA5021; 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-054
Background
The Health Care Authority administers both the Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent about $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2023, the Authority contracted with five MCOs and paid them more than $9.9 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements went into effect for contract years starting after July 1, 2017.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority took steps toward updating the MCO contract language to include the audited financial report requirements. However, the changes included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data.
To meet the periodic audit requirements, the Authority would have needed to complete MCO audits of both the encounter and financial data within the last three years. Though the Authority completed encounter data audits in July 2021, it did not complete any financial data audits within the last three years.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so they were consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company, and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials interpreted the compliance requirements on conducting periodic audits to mean that the agency is compliant if an audit is in progress—rather than being fully completed—at least every three years. Because of this interpretation, the Authority has not implemented internal controls to prescribe how and when to perform periodic audits of the MCOs for both the encounter and financial data.
Effect of Condition
By not collecting proper audited financial reports and conducting periodic audits, the Authority increases its risk of relying on inaccurate or incomplete information. This could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendations
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with generally accepted accounting principles and generally accepted auditing standards
• Implement policies and procedures over conducting required periodic audits
• Establish a process to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
The Authority partially concurs with the finding.
The Authority does not concur with the auditor’s conclusion that the Authority lacks adequate internal controls to ensure periodic audit requirements of MCO encounter and financial data are met. The Authority has established internal controls to ensure encounter and financial audits are conducted as required by CMS. The Authority’s internal controls include MCO contract requirements specific to the MCO encounter and financial audits, and an overarching audit policy and process, as well as detailed audit plans that include scheduled MCO audits for each state fiscal year.
The Authority concurs that the MCO financial audit has not concluded within the 3-year timeframe, however the financial data review has been completed for 2021 dates of service and is in the final review phase of the audit. The next MCO financial audit will be scheduled for 2023 dates of service, to be conducted in 2025.
The Authority concurs that it allowed MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP) so they were consistent with the Washington State Office of the Insurance Commissioner and acknowledges that this accounting method does not comply with the federal requirements. The Authority will amend contract language to require MCOs to submit audited financial reports using generally accepted accounting principles and generally accepted auditing standards.
Auditor’s Remarks
As stated in its response, the Authority concurs it did not complete required periodic audits and accepted financial reports that were not compliant with federal law. The combination of these facts, along with the Authority’s lack of policies and procedures, was the basis for us to assess a material weakness in internal controls exists over the Medicaid special test requirement.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-074 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM, 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2205WA5021; 2305WA3002; 2305WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-055
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. CHIP provides health coverage for more than 106,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2023, the Medicaid program spent more than $19.6 billion in federal and state funds, and CHIP spent nearly $224.3 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 135,000 participating providers in fiscal year 2023. During that time, the Authority paid more than $11.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims.
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs. While CMS waived the requirement for HCA to perform revalidations during the public health emergency, HCA management determined that HCA would perform revalidation work beginning October 2020 and throughout the audit period.
Also in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,185 new provider enrollments and was required to perform ongoing eligibility determinations for 123,405 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found 11 instances (over 9 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically we found:
• Staff enrolled two new providers and did not terminate three active providers without a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not properly screen a provider based on risk. No risk level indicator was associated with the provider within the ProviderOne system.
• Staff did not conduct a proper license check on four active providers, who had invalid or expired licenses and should have been terminated from the system.
• Staff backdated one provider’s effective date to before they had a valid NPI, which is required before participating in the Medicaid program.
To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer assisted audit techniques to analyze the entire population of 347 providers that should have been revalidated or deactivated after the emergency declaration ended in March 2023. We found the Authority’s internal controls were insufficient and resulted in none of the 347 providers (100 percent) being revalidated before the due date. We determined 28 providers were subsequently revalidated, and the Authority backdated them. We used non-statistical sampling to randomly select and examine 11 of the 28 providers who were revalidated late and backdated. We identified no exceptions. We also determined 192 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 127 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them during the audit period.
Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks for the majority of the audit period. The monthly automated system checks were re-enabled and the Authority started the process again in March 2023.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority’s automated system is designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system in April 2022 during the fiscal year 2021 audit. The Authority has not implemented manual processes to ensure compliance with the revalidation requirement. Due to this inadequate system design and the lack of manual processes, all provider revalidations were completed after their due dates.
Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers’ identity and exclusion status.
Effect of Condition
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified over $3.9 million in costs at risk for the 347 providers who were not revalidated or deactivated timely.
Recommendations
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
Authority’s Response
The Authority partially concurs with the finding. The Authority concurs with the two new providers and three active providers that were not deactivated without a valid CPA, and the provider that did not have a risk level assigned in the ProviderOne system.
The Authority does not concur that four providers did not receive a proper license check, or the backdated provider prior to receiving an NPI. When a provider’s license expires, the Authority enters an end date for the provider taxonomy, preventing any further payments. This is compliant with requirements. Regarding the backdated NPI, 42 CFR 455.440 only requires that Medicaid claims contain an NPI to be paid. The NPI was valid at the time the provider was screened, and no claims were paid without an NPI attached.
Corrective action has been in process to address the revalidation issues, and as of January 1, 2024 the Authority implemented a system change moving the revalidation date to 90 days before the end of the five year period.
Auditor’s Remarks
The four providers that did not receive proper license checks are still active in ProviderOne and should have been deactivated when the licenses expired. For the provider with the NPI issue, the NPI was valid at the time that the provider was screened, however the Authority backdated the provider’s start date to before the NPI was valid.
We reaffirm our finding and will review the Authority’s corrective actions during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities.
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
(1)
I. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
II. Date of birth and Social Security Number (in the case of an individual).
III. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
I. Upon the provider or disclosing entity submitting the provider application.
II. Upon the provider or disclosing entity executing the provider agreement.
III. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
IV. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
I. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
II. Upon the fiscal agent executing the contract with the State.
III. Upon the renewal or extension of the contract.
IV. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
I. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
II. Upon the managed care entity executing the contract with the State.
III. Upon renewal of the contract.
IV. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
e. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c) The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service
The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill.
It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk.
Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to:
• Survey or certification requirements that supersede a state’s ability to determine prior compliance
Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to:
• Emergency access
• Pre-authorization
• Whether a provider is enrolled in Medicare or another state’s Medicaid Program
CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1.
Washington Administrative Code AC – 182-502-0005 Core provider agreement (CPA), states:
1. The agency only pays claims submitted by or on behalf of a health care professional, health care entity, supplier or contractor of service that has an approved core provider agreement (CPA) with the agency, is a performing provider on an approved CPA with the agency, or has an approved agreement with the agency as a nonbilling provider in accordance with WAC 182-502-0006.
2. Performing providers of services to a medical assistance client must be enrolled under the billing providers’ CPA.
3. Any ordering, prescribing, or referring providers must be enrolled in the agency’s claims payments system in order for any services or supplied ordered, prescribed, or referred by them to be paid. The national providers identifier (NPI) of any referring, prescribing, or ordering provider must be included on the claim form. Refer to WAC 182-502-0005 for enrollment as a nonbilling provider.
4. For services provided out-of-state, refer to WAC 182-501-0180, 182-501-0182 and 182-501-0184.
5. The agency does not pay for services provided to clients during the CPA application process or application for nonbilling provider process, regardless of whether the agency later approves or denies the application, except as provided in subsection (6) of this section or WAC 182-502-0006(5).
6. Enrollment of a provider applicant is effective on the date the agency approves the provider application.
a. A provider applicant may ask for an effective date earlier than the agency’s approval of the provider application by submitting a written request to the agency’s chief medical officer. The request must specify the requested effective date and include an explanation justifying the earlier effective date. The chief medical officer will not authorize an effective date that is:
i. Earlier than the effective date of any required license or certification; or
ii. More than three hundred sixty-five prior to the agency’s approval of the provider application.
b. The chief medical officer or designee may approve exceptions as follows:
i. Emergency services;
ii. Agency-approved out-of-state services;
iii. Medicaid provider entities that are subject to survey and certification by CMS or the state survey agency;
iv. Retroactive client eligibility; or
v. Other critical agency need as determine by the agency’s chief medical officer or designee.
c. For federal qualified health centers (FQHCs), see WAC 182-548-1200. For rural health clinics (RHCs), see WAC 182-549-1200.
d. Exceptions granted under this subsection (6) do not supersede or otherwise change the agencies timely billing requirements under WAC 182-502-0150.
2023-075 The Health Care Authority improperly charged $3,491 to the Medicaid program.
Assistance Listing Number and Title: 93.778 COVID-19 Medical Assistance Program 93.778 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,491
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid, administered by the Health Care Authority, is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Affordable Care Act established a methodology for determining income eligibility for Medicaid, which is based on modified adjusted gross income (MAGI). MAGI is used to determine financial eligibility for Medicaid, premium tax credits, and cost sharing reductions available through the health insurance marketplace. By using one set of income counting rules and a single application across programs, the Affordable Care Act made it easier for people to apply and enroll in the appropriate program.
Federal law requires that certain types of information be collected during the application process. As a condition of eligibility, each person seeking Medicaid must provide their Social Security number (SSN), as described in 42 CFR § 435.910. If applicants do not know their SSN or have not been issued an SSN, states must help them obtain or apply for one.
States may choose to accept self-attestations of the information needed to determine or renew eligibility except with respect to income, SSN, and citizenship or immigration status.
Description of Condition
The Authority improperly charged $3,491 to the Medicaid program.
Under federal law, clients must have an SSN for the Authority to determine or renew their eligibility for services. Those responsible for newborn clients are allowed one full year from the newborn’s date of birth to obtain and inform the Authority of an SSN.
During the COVID-19 public health emergency, the Authority, under federal guidance, was not required to reevaluate clients’ eligibility for services. However, federal law still required clients over the age of one to have an SSN.
We found the Authority had adequate internal controls to ensure material compliance with eligibility requirements. However, we identified instances where the Authority paid benefits on behalf of people who did not provide an SSN as required.
We used a statistical sampling method to randomly select and examine 45 clients out of a total population of 44,497 who were coded as newborns. We found four clients of the 45 we examined did not meet the eligibility requirements.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Families First Coronavirus Response Act specifies that all Medicaid recipients will maintain eligibility through the end of the public health emergency, unless they move out of state, die, request to be removed from the program, or are not eligible due to immigration status. Because the Authority was not reevaluating clients’ eligibility, staff did not identify clients who did not have SSNs as required. Authority officials said that due to the Families First Coronavirus Response Act, they were unable to remove clients from Medicaid, even if they did not have the required SSN.
Effect of Condition and Questioned Costs
The Authority improperly charged the Medicaid program for costs, as outlined in the table below.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $3,491 $3,451,692
State expenditures $2,746 $2,714,891
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a moderate level of assurance, with a 90 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs,” as required by 45 CFR § 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Authority’s Response
The Authority partially concurs with the finding. In accordance with Families First Coronavirus Response Act, the Authority maintained coverage for cases where the household did not provide an SSN for their newborn until the end of the public health emergency.
As normal operations resume, any newborns that do not have an SSN at the age of one will be reviewed at their next renewal.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR Subpart J, Part 435 – Eligibility in the States, states in part:
Section 910, Use of social security number, states in part:
(a) Except as provided in paragraph (h) of this section, the agency must require, as a condition of eligibility, that each individual (including children) seeking Medicaid furnish each of his or her Social Security numbers (SSN).
(e) If an applicant cannot recall his SSN or SSNs or has not been issued a SSN the agency must—
(1) Assist the applicant in completing an application for an SSN;
(2) Obtain evidence required under SSA regulations to establish the age, the citizenship or alien status, and the true identity of the applicant; and
(3) Either send the application to SSA or, if there is evidence that the applicant has previously been issued a SSN, request SSA to furnish the number.
(g) The agency must verify the SSN furnished by an applicant or beneficiary with SSA to ensure the SSN was issued to that individual, and to determine whether any other SSNs were issued to that individual.
(h) Exception.
(1) The requirement of paragraph (a) of this section does not apply and a State may give a Medicaid identification number to an individual who—
(i) Is not eligible to receive an SSN Section 956, Verification of other non-financial information, states in part:
(a) Citizenship and immigration status.
(1) (i) The agency must—
(A) Verify citizenship status
(4) (i) The agency must maintain a record of having verified citizenship or immigration status for each individual, in a case record or electronic database in accordance with the State's record retention policies
(5) If the agency cannot promptly verify the citizenship or satisfactory immigration status of an individual the agency—
(i) Must provide a reasonable opportunity in accordance with paragraph (b) of this section;
(b) Reasonable opportunity period.
(1) The agency must provide a reasonable opportunity period to individuals who have made a declaration of citizenship or satisfactory immigration status in accordance with § 435.406(a), and for whom the agency is unable to verify citizenship or satisfactory immigration status in accordance with paragraph (a) of this section. During the reasonable opportunity period, the agency must continue efforts to complete verification of the individual's citizenship or satisfactory immigration status, or request documentation if necessary. The agency must provide notice of such opportunity that is accessible to persons who have limited English proficiency and individuals with disabilities, consistent with § 435.905(b). During such reasonable opportunity period, the agency must, if relevant to verification of the individual's citizenship or satisfactory immigration status—
(i) In the case of individuals declaring citizenship who do not have an SSN at the time of such declaration, assist the individual in obtaining an SSN, and attempt to verify the individual's citizenship in accordance with paragraph (a)(1) of this section once an SSN has been obtained and verified;
(iii) Provide the individual with an opportunity to provide other documentation of citizenship or satisfactory immigration status.
(3) If, by the end of the reasonable opportunity period, the individual's citizenship or satisfactory immigration status has not been verified in accordance with paragraph (a) of this section, the agency must take action within 30 days to terminate eligibility in accordance with part 431 subpart E …
(d) Social Security numbers. The agency must verify Social Security numbers (SSNs) in accordance with § 435.910 of this subpart.
Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 410, establishes requirements for the collection of unallowable costs.
2023-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and it is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email, or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review all report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare-Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times that the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels and response times for deemed hospitals
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,698 hospital complaints during state fiscal year 2023. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,297 complaints (76 percent) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 66 days. In addition, the Department did not review eight complaints (0.5 percent) within the 21-day basic assessment period. The review time for these complaints ranged between 23 and 71 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management acknowledged the Department was understaffed, which contributed to the lack of timely reviews for the complaints.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints for imminent danger within two working days of receiving them, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. The Department asserts that it has a process to screen complaints for possible imminent danger so that a potential investigation can be initiated in a timely manner. However, we acknowledge that our current system lacks the internal controls necessary to demonstrate compliance. Moving forward, the Department will evaluate system controls in order to properly reflect the accurate date of initial screening then subsequent assessment and review.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; the SA is not precluded from investigating complaints and facility-reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation.
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
2023-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Eligibility
Known Questioned Cost Amount: $576,072
Prior Year Audit Finding: Yes, Finding 2022-059
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Department of Social and Health Services is responsible for ensuring Medicaid social service providers are eligible to render services to program recipients. Providers must remain in good standing with eligibility requirements in order to continue receiving payments under the program. The Department is responsible for performing measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. Washington had more than 50,000 active providers during fiscal year 2023. During that time, the Department paid about
$3.4 billion to providers for direct client services.
Nursing facility contracts have no end date, because the Centers for Medicare and Medicaid Services expects these contracts to be open-ended. However, these facilities are revalidated every five years. At the time of revalidation, nursing facilities must submit a signed and dated Medicaid Provider Disclosure Statement (MPDS). Nursing facilities must have a valid MPDS form on file with the Department to be eligible to charge Medicaid for client services.
After enrollment, staff in the Department’s Contract Unit create a file for each provider in the Agency Contracts Database. Once entered, the Automated Provider Screening (APS) system within ProviderOne automatically screens each provider monthly for exceptions from the following federal databases:
• List of Excluded Individuals/Entities (LEIE)
• Excluded Parties List System, now called the System for Award Management (SAM)
• SSA Limited Access Death Master File
Contract staff are notified by email if the screening resulted in a match, and staff then manually verify if it was legitimate. In between revalidation periods, federal law requires state Medicaid agencies to check LEIE and SAM at least monthly to determine the exclusion status of providers, including any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program. The prior finding number was 2022-059.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid Program.
Nursing Facility Revalidations
The Department is required to revalidate nursing facilities on a five-year cycle. During state fiscal year 2023, 19 facilities required revalidation, which included providing an updated MPDS. We used a non-statistical sampling method to randomly select and examine seven out of a total population of 19 facilities. We found that out of the seven sampled facilities, six (86 percent) did not provide a signed and dated MPDS form during the revalidation period. These providers were therefore not eligible to provide services for part of the audit period, during which they were paid $576,072 in federal Medicaid funds.
Monthly APS Screenings
Federal law requires the Department to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Department of possible problems with providers was not operating correctly and frequently provided incorrect information. Department management decided to only screen all providers on an annual basis. In September 2022, the Department manually screened all providers against the federal databases. For all other months, only newly populated providers from the APS system received a screening for the month.
This policy was in place until March 2023, at which point the Department restarted the normal monthly screening of all providers. At that time, the APS system continued to frequently produce incorrect information.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Nursing Facility Revalidations
Management did not have a procedure or internal control in place to ensure it terminated nursing facility providers that did not reenroll by the five-year mark.
Monthly APS Screenings
Because of issues with the APS system, Department officials said they did not have the time or resources to manually perform database checks of all providers each month.
Effect of Condition and Questioned Costs
Monthly APS Screenings
By not reviewing the exclusion status of all providers in a timely and routine manner, the Department was noncompliant with federal requirements to check LEIE and SAM at least monthly. As a result, the Department is at risk of not properly identifying any newly excluded or sanctioned providers.
Nursing Facility Revalidations
By not updating the MPDS of nursing facilities during revalidation, the Department was noncompliant with federal regulations requiring Medicaid agencies to revalidate the enrollment of all Medicaid providers at least every five years. The Department is also at risk of disbursing Medicaid payments to nursing facilities that have not properly revalidated their enrollment and, therefore, not eligible to receive Medicaid payments.
The table below identifies the known and estimated likely questioned costs for the Department’s federal and state Medicaid expenditures.
Projection to population Known Questioned Costs Likely Questioned Costs [Estimate]
Federal expenditures $576,072 $1,563,625
State expenditures $471,332 $1,279,329
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department implement internal controls sufficient to ensure it:
• Complies with monthly provider screening requirements
• Revalidates nursing facilities timely
• Terminates nursing facilities that do not reenroll within five years
• Does not make payments to inactive nursing facilities
We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department partially agrees with the finding.
We agree that we did not obtain the Medicaid Provider Disclosure Statement (MPDS) forms for the identified exceptions within the five-year revalidation timeline due to residual effects of increased workload during the public health emergency, however we do not agree that all the exceptions should result in questioned costs. For Quality Health Care of Bothell LLC, the nursing home was still validated within the last five years because there were no changes to ownership or the managing employees since the previous MPDS form was received. We are disputing the questioned costs related to the Quality Health Care of Bothell LLC totaling $231,809.60.
The existing nursing home revalidation process was modified March 2024 to include more detail about what to do when the nursing home is not providing the MPDS form by the 5-year deadline. The process includes the steps that must be taken prior to termination of the Medicaid contract to ensure resident safety and choice, as well as when to notify rates to stop payment to the nursing home.
Effective March 2023 Automated Provider Screening is being completed monthly for all providers as required.
Auditor’s Remarks
The MPDS for Quality Health Care of Bothell LLC expired in 2017, we therefore questioned the associated costs as specified above. We reaffirm the finding and questioned costs.
We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75.2 establishes definitions for questioned costs.
Title 45 CFR Part 75, section 410 establishes requirements for the collection of unallowable costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
(a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
(c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
(c)
(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
(a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
(1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
(2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
(b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” screening requirements described in paragraph (a) of this section.
(2) Conduct on-site visits in accordance with § 455.432.
(c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
(1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
(2)
(i) Conduct a criminal background check; and
(ii) Require the submission of a set of fingerprints in accordance with § 455.434.
(d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its -
(1) Application denied under § 455.434; or
(2) Enrollment terminated under § 455.416.
(e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
(2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
2023-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-053
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Departments compliance with these requirements, we considered the time period where survey activities were suspended due to the Covid-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for the three surveys was 22.1 months.
Additionally, both POCs for the two surveys conducted during the fiscal year were reviewed after the five day period required by the Department.
We also reviewed staff training for the three new hires conducting surveys at ICF/IIDs during the fiscal year. We found that the Department did not have record of the required RCS training for one of the newly hired surveyors. The Department had records of other required trainings, however there was no record of the staff receiving the RCS surveyor training.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints, and revisits for this provider type across the entire state.
For the late reviews of the POCs, the Department needed to meet with one facility and explain why they were rejecting their POC, which did not occur within the 5-day period. In the other instance, the POC was sent to the team for review and there was a lack of response, which the Department believes is due to having three new team members still learning the survey process.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month state-wide average
• Ensure all staff receive required survey training
• Ensure all POCs are reviewed timely
Department’s Response
The Department partially agrees with the Finding.
While we do agree that we did not meet the Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF-IID) Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified concerns and allocated resources as we were able to meet the most serious concerns.
Based on the FY2022 and FY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the recertification standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 100% and as of March 2024 we are meeting our ICF-IID recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each home and lowering the number of months between surveys for some homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
We have now created a SOD/POC tracking tool in Smart Sheet that each team in RCS is using to track deadlines. This system sends email alerts to key staff when deadlines are approaching or have arrived.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 U.S. Code of Federal Regulations, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2) The amount of time depends upon the -
(i) Nature of the deficiency; and
(ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer, than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1. Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey, must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7. If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2023-079 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2020-054
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds and had 207 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety, and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding number was 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 141 nursing homes in fiscal year 2023 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2023, the statewide average for nursing home surveys was 19.8 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendations
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month state-wide average
Department’s Response
The Department partially agrees with the finding.
While we agree that we did not meet the Nursing Home Recertification Survey requirements, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls. It was through applied internal controls that we identified the need to hire a contractor to assist with the recertification backlog to meet compliance requirements. Based on the FFY2022 and FFY2023 State Performance Standards System review completed by Centers for Medicare and Medicaid Services, we met the standard because the recertification backlog was accounted for in the standards and the expectation was for a reduction in the backlog, not a complete elimination of the backlog. For FFY2023 the expectation was to decrease the recertification backlog by 50% from the previous year. We decreased the backlog by 98% and as of March 2024 we are meeting our nursing home recertification timelines.
Because the 12.9 month average is based on the overall average of the months for all nursing home surveys, and those surveys were in a significant backlog due to the pandemic, statistically it would be expected that even when the state is meeting the 15.9 month timeframe for each nursing home and working toward lowering the number of months between surveys for some nursing homes to lower the average, it will take time for the bell curve average to shift toward 12.9 months.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards,section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
2023-080 The Department of Social and Health Services’ Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 – Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP;2205WA5ADM;2205WAIMPL; 2305WA5MAP;2305WA5ADM;2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-057
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, allows states to provide long-term care services to Medicaid clients that require daily nursing services. Medicaid coverage for nursing homes and intermediate care facilities for intellectually disabled clients is only authorized when services are provided in a residential facility licensed and certified by the state survey agency. The state survey agency is also responsible for investigating complaints and allegations of abuse, neglect, or misappropriation.
Residential Care Services, under the Department of Social and Health Services’ Aging and Long-Term Support Administration, is the state’s long-term care facility survey agency. Residential Care Services manages the Complaint Resolution Unit (Unit), which is the frontline response system for providing the intake and assignment functions for complaints from staff, residents, families, and the public.
The Unit receives two types of complaints, also known as reports: 1) complaints from Department staff, the public, government agencies, or law enforcement and 2) reports from facilities. People can submit complaints to the Unit by phone, mail, email, fax or online. The Unit responds to complaints received on holidays and after hours on the next business day. The Department uses the Secure Tracking and Reporting System (STARS) case management system to input, prioritize and track complaints.
Unit intake staff perform an initial review of complaints before entering them into STARS. Clinical triage nurses determine the final priority assignment of all nursing home and intermediate care facility complaints. According to state law (RCW 74.34.063), a complaint of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult must be responded to no later than 24 hours after knowledge of the report.
The following table lists the five different priority levels for new complaints and the respective response times. During the COVID-19 pandemic, CMS guidance allowed states to work only on complaints with Immediate Jeopardy and Nonimmediate Jeopardy-High Priority levels. This guidance ended on June 30, 2021, after which all complaints required investigation.
The CMS State Operations Manual requires each complaint to be triaged by someone who is professionally qualified to evaluate the nature of the problem based on their experience and knowledge of current clinical standards of practice and federal requirements. Unit intake staff review, research, and prioritize complaints to ensure the level of response corresponds to the severity of the allegation. If necessary, the Unit assigns complaints to the Department’s field unit offices within two working days of knowledge of the complaint. Field staff investigate the complaints and follow up on them within the specified time frame as determined by the severity of the concerns noted.
In fiscal year 2023, the Department received 48,841 complaints. Of these, 15,599 were related to nursing homes and 713 were related to intermediate care facilities for intellectually disabled people. The following table shows the number of Immediate Jeopardy and Nonimmediate Jeopardy complaints for both provider types:
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities. The prior finding numbers were 2022-057 and 2021-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely investigation of complaints of client abuse and neglect at Medicaid residential facilities.
We evaluated all 48,841 complaints that occurred during fiscal year 2023 to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review three complaints within the required 24 hour time period, one of which involved an allegation of resident/patient/client abuse that was reviewed eight days late. The other two complaints were one day and 19 days late.
We also evaluated all Immediate Jeopardy and Nonimmediate Jeopardy complaints, included in the table above, that occurred during fiscal year 2023 to ensure they met the required timelines for initiating an investigation. We found the Department did not initiate investigations timely for two of the Immediate Jeopardy complaints (0.96 percent) and 793 of the Nonimmediate Jeopardy complaints (10.8 percent). The table below shows the results of the testing:
For the Immediate Jeopardy complaints, the Department initiated an investigation four days after receipt of one of the complaints and 15 days after receipt of the other. For the Nonimmediate Jeopardy complaints, the Department initiated investigations between 11 to 126 days after receipt.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department had limited staffing resources and received a large increase of COVID-19 related complaints. As a result, staff were unable to follow up on all complaints by the required response times. In additional, management did not effectively allocate resources to ensure all complaints were followed up on timely.
Effect of Condition
When the Department does not prioritize and investigate complaints timely, vulnerable residents at nursing homes and intermediate care facilities are at a higher risk of abuse, neglect, and financial exploitation. In addition, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendation
We recommend the Department strengthen its internal controls to ensure it responds to and investigates complaints timely, as federal and state regulations require.
Department’s Response
The Department partially agrees with the Finding.
While we agree that we did not meet the Immediate Jeopardy and Non-Immediate Jeopardy complaint timelines, due to the backlog created by the public health emergency and a 20% staff vacancy rate, we do not agree that it was due to lack of internal controls.
Due to the vacancy rate, we had 30 new staff who were not certified to complete investigations independently and only three available trainers that spent the majority of 2022 and early 2023 addressing training needs. Once staff completed the training and applied to get certified, testing sites were limited, resulting in our staff having difficulty finding available testing slots. In late 2022, this process transitioned from in-person to virtual, which provided greater opportunity for timelier certification. Effective March 31, 2023, the training backlog was caught up and staff now have the required certification.
As of February 2024, there were no Immediate Jeopardy (2 days) complaints overdue and for Non-Immediate Jeopardy there were two high priority (10 day), five medium priority (20 day), and one low priority (45 day) complaint past due. The Department has implemented a practice of reviewing the status of intakes at the regional level monthly to ensure timelines continue to remain compliant for Immediate Jeopardy complaints and the expectation is to be in compliance with Non-Immediate Jeopardy complaints by June 2024.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, section 335, Action on complaints of resident neglect and abuse, and misappropriation of resident property, states in part:
(a) Investigation.
(1) The State must review all allegations of resident neglect and abuse, and misappropriation of resident property and follow procedures specified in § 488.332.
(2) If there is reason to believe, either through oral or written evidence that an individual used by a facility to provide services to residents could have abused or neglected a resident or misappropriated a resident's property, the State must investigate the allegation.
(3) The State must have written procedures for the timely review and investigation of allegations of resident abuse and neglect, and misappropriation of resident property.
(b) Source of complaints. The State must review all allegations regardless of the source.
The Centers for Medicare and Medicaid Services, State Operations Manual Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the State Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a State’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 – Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the onsite investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation.
Section 5075.2 – Non-Immediate Jeopardy - High Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers, and EMTALA
Intakes are assigned a “high” priority if the alleged noncompliance with one or more requirements may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s wellbeing that a rapid response by the SA is indicated. Usually, specific rather than general information (such as: descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority.
Section 5075.3 – Non-Immediate Jeopardy - Medium Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Complaints are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2). Facility reported incidents are assigned a “medium” priority if the alleged noncompliance with one or more requirements caused no actual physical and/or psychosocial harm but there is the potential for more than minimal harm to the resident(s) (Severity Level 2) and the facility has not provided an adequate response to the allegation or it is not known whether the facility provided an adequate response. For complaints and facility-reported incidents that are assigned a “medium” priority, the SA must initiate an onsite survey within 45 calendar days of receipt of the initial report.
Section 5075.4 – Non-Immediate Jeopardy – Low Priority for Nursing Homes and Deemed and Non-Deemed Non-Long Term Care Providers/Suppliers
Nursing Homes Intakes are assigned a “low” priority if the alleged noncompliance with one or more requirements may have caused no actual harm with a potential for minimal harm (Severity Level 1). The investigation is to be initiated in accordance with section 5075.9.
Revised Code of Washington (RCW) 74.34 Abuse of Vulnerable Adults states in part:
Section 063 Response to reports—Timing—Reports to law enforcement agencies—Notification to licensing authority
(1) The department shall initiate a response to a report, no later than twenty-four hours after knowledge of the report, of suspected abandonment, abuse, financial exploitation, neglect, or self-neglect of a vulnerable adult.
(2) When the initial report or investigation by the department indicates that the alleged abandonment, abuse, financial exploitation, or neglect may be criminal, the department shall make an immediate report to the appropriate law enforcement agency. The department and law enforcement will coordinate in investigating reports made under this chapter. The department may provide protective services and other remedies as specified in this chapter.
(3) The law enforcement agency or the department shall report the incident in writing to the proper county prosecutor or city attorney for appropriate action whenever the investigation reveals that a crime may have been committed.
(4) The department and law enforcement may share information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults, consistent with RCW 74.04.060, chapter 42.56 RCW, and other applicable confidentiality laws.
(5) Unless prohibited by federal law, the department of social and health services may share with the department of children, youth, and families information contained in reports and findings of abandonment, abuse, financial exploitation, and neglect of vulnerable adults.
(6) The department shall notify the proper licensing authority concerning any report received under this chapter that alleges that a person who is professionally licensed, certified, or registered under Title 18 RCW has abandoned, abused, financially exploited, or neglected a vulnerable adult.
The Department of Social and Health Services, Residential Care Services Division Standard Operation Procedure: Complaint Resolution Unit Chapter 4A20, states in part:
Procedure
A. CRU staff will prioritize complaint intakes using the following guidelines:
1. 2 working days (Immediate Jeopardy) - A situation in which the provider’s noncompliance with one or more requirements of participation has caused, or is likely to cause, serious injury, harm, impairment, or death to a resident. Immediate corrective action is necessary.
2. 10 working days (Non-Immediate Jeopardy-High) - The alleged noncompliance may have caused harm that negatively impacts the individual’s mental, physical and/or psychosocial status and are of such consequence to the person’s well-being, the SA conducts a rapid response. Usually, specific rather than general information (such as, descriptive identifiers, individual names, date/time/location of occurrence, description of harm, etc.) factors into the assignment of this level of priority. Complaint and incident investigations must be initiated within 10 working days of linking the intake to the RCS Field Unit
3. 20 working days (Non-Immediate Jeopardy-Medium) - The alleged noncompliance caused or may cause harm that is of limited consequence and does not significantly impair the individual’s mental, physical and/or psychosocial status or function. Complaint and incident investigations must be initiated within 20 working days of linking the intake to the RCS Field Unit.
4. 45 working days (Non-Immediate Jeopardy-Low) - The alleged noncompliance may have caused physical, mental and/or psychosocial discomfort that does not constitute injury or damage. In most cases, an investigation of the allegation can wait until the next onsite survey. Complaint and incident investigations must be initiated within 45 working days of linking the intake to the RCS Field Unit.
2023-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-060
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds, including more than $475 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient, and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Prior to October 1, 2021, the plan stated that cost report data used for rate setting, hospital billings, and other financial and statistical records will be periodically audited. Beginning October 1, 2021, the plan was amended and now states that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Washington Administrative Code also states that the agency will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority reconciled amounts paid to hospitals for inpatient services based on the amounts that facilities reported. However, it did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, the Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
CFR requires the Authority provide for the uniform filing of cost reports. The Authority meets this requirement and provided the auditor with its tracking report showing the cost reports were obtained by the Authority from all inpatient hospitals during the audit period.
Separately, CFR requires the Authority to periodically audit financial and statistical records. The Authority sought guidance from CMS regarding the definition of “other financial and statistical records” and CMS responded it “does not have any established guidance and would defer to the states on how they review.” Yet the auditor takes exception to the federal agency’s guidance by stating a review is not an audit. Additionally, the auditor discounts the Authority’s engagement of an external public accounting firm to audit other financial and statistical records as required by 42 CFR Part 455 Subpart D, and its robust audit process that regularly audits hospital billings and statistical records through its program integrity function.
Documented methodology, policies, and procedures that describe when and how the Authority’s program integrity audits will be performed already exist and have been previously provided to the auditor. These include clinical reviews to ensure the accuracy of hospital billings which directly affect a hospital’s financial and statistical records related to the Medicaid program. A hospital’s submitted claim and MMIS data are records of financial transactions. Verifying the accuracy of the transaction is auditing but the auditor disregards this process, indicating it does not satisfy the requirements of an audit. The Authority asked the auditor for specific CFR or other references supporting what is acceptable or unacceptable for the audits, but it did not receive a response.
CFR also requires the Authority to pay for services using rates determined in accordance with methods and standards specified in its approved State plan. Washington’s approved State plan outlines the Uniform Cost Reporting Requirements it uses to set rates.
For those programs that are paid cost-based rates and required to be reconciled to cost, the Authority performs detailed reconciliations under both an interim and final cost settlement process, as outlined in the State plan. The critical access hospital cost settlement process uses information from the CMS hospital cost reports which are subject to desk reviews and audits by CMS and their Medicare Administrative Contractors. The Certified Public Expenditure cost settlement process includes a review of Medicaid cost reports submitted by hospitals for accuracy and completeness. It also incorporates a clinical review process to ensure hospital billings were appropriate for the level of service provided.
The State plan also describes Washington’s Financial Audit Requirements and states that cost report data used for rate setting may be periodically audited. The auditor was provided with the Authority’s procedure that describes when it will audit cost report data. The State plan also states that hospital billings and other financial and statistical records will be periodically audited by the agency. As previously discussed, the Authority conducts these audits through its program integrity function as well as through its engagement of a public accounting firm.
Finally, Washington Administrative Code (WAC) states Medicaid cost report schedules and supporting documentation are subject to audit and that the agency will periodically audit cost report data, hospital billings and other financial and statistical records. As discussed previously, the Authority has audit processes, procedures, and policies in place to ensure the integrity of the data it uses to establish payment rates for inpatient hospital services.
HCA’s scope of authority for hospital financial and statistical records does not extend beyond the Medicaid program and does not extend to other hospital financial and statistical records unrelated to the Apple Health program. Authority extending beyond the Apple Health program is in the purview of the State Auditor’s Office for public hospital districts, the Washington State Department of Health for licensing purposes, the Office of the Inspector General, the Centers for Medicare and Medicaid Services, and Medicare Administrative Contractors.
This audit prompted the Authority to again review all regulations relating to the periodic audits of cost report data used for rate setting, hospital billings, and other financial and statistical records. In the Authority’s review, it determined that not all rules and regulations align. The discrepancies must be rectified to prevent further misinterpretation. The Authority has initiated the processes necessary to ensure the rules and regulations are parallel and comply with federal regulation.
The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. CMS has provided the Authority with broad leeway to define the audits of “hospital financial and statistical records” for the integrity of the Medicaid program. The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.
Auditor’s Remarks
The Authority does track and obtain cost reports and we did not take exception to that. However, it does not audit the cost reports as required. The agency has not requested any source documentation from hospitals to use when reviewing the cost reports during at least the past three years.
We reviewed the Authority’s program integrity function and the separate engagement audit performed by the external public accounting firm. In our judgment, these processes do not meet the specified requirements. The Authority does not have policies or procedures outlining how or when periodic audits will be performed and these processes do not periodically audit cost report data, hospital billings or other financial and statistical records for inpatient hospital services to adequately meet these requirements.
The Authority refers to program integrity “audits”; however, these are queries of very specific transactions with narrow clinical focus, do not include all facilities, are not performed on any kind of schedule and are not associated with cost reports.
The engagement audit performed by the external public accounting firm is a separate audit required by CMS on the disproportionate share hospitals. This audit does not examine cost report data and does not include a majority of inpatient facilities that receive Medicaid funding.
The Authority states they perform detailed reconciliations for programs that are paid cost based rates. Effective reconciliations compare two sets of records to ensure accuracy by tracing totals back to source documents. Authority employees only compare amounts reported by hospitals to other amounts reported by hospitals. No source documents are requested or reviewed.
The Authority states, “The Authority does have adequate internal controls over and complies with requirements to ensure it meets federal inpatient hospital requirements. ….” The Authority’s range of external audits and internal program integrity audits meet the requirements of CFR, the State plan, and WAC.”This statement is inaccurate. Federal regulations require the Authority to have internal controls in place to meet Medicaid requirements and CMS provides states with flexibility to define how they meet this audit requirement. In the prior two audits, we have reported a material weakness in internal controls over this requirements - both findings were affirmed by CMS. CMS has also specified that audits it conducts do not fulfill this state audit requirement.
When we requested the internal controls the Authority has implemented to meet this compliance requirement, we were provided with a brief summary of processes used by HCA staff, but not the internal controls. We met with Authority staff to review all of the processes they specified they had in place to meet this compliance requirement. In our judgment, the processes were inadequate to comply with this compliance requirement. The Authority confirmed that it had not implemented any new internal controls during this audit period to address the weaknesses identified in the prior two audits. The Authority has not outlined in the state plan or in policies and procedures or documented methodology, how it meets this specific audit requirement either.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
(f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
(g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
(i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
(4) The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
(a) The revenue codes assigned to specific cost centers on the medicaid cost report schedules.
(b) The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan.
(c) The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
(d) All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit:
(a) Cost report data used for rate setting;
(b) Hospital billings; and
(c) Other financial and statistical records.
2023-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2205WA5MAP; 2205WA5ADM; 2205WAIMPL; 2305WA5MAP; 2305WA5ADM; 2305WAIMPL
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2022-061
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.4 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about
one-third of the state’s federal expenditures. During fiscal year 2023, the program spent about $19.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services.
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were
2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan does not include all methods and procedures to safeguard against unnecessary utilization of care and services. The Authority also did not implement and monitor a statewide surveillance and utilization control program.
We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality and timeliness of Medicaid services.
Effect of Condition
By not establishing methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not describe its safeguarding methods and procedures in the Medicaid state plan.
Recommendations
We recommend the Authority:
• Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority partially concurs with the finding.
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services.
The Authority does not concur. The auditor believes the State Plan should specifically list each method and procedure it employs to safeguard against unnecessary utilization of care and services. 42 CFR 456.1(b) cross references 1902(a)(30) of the Social Security Act. Under the Act, the language indicates methods and procedures are needed “under” the State Plan, not “in” the plan. 42 CFR 456.2 states the required components in the State Plan. Washington’s approved State Plan includes these components.
Because the auditor does not believe Washington’s plan meets federal requirements, the Authority reached out to CMS regarding the auditor’s interpretation of 42 CFR 456.1(b)(1). CMS responded that the state did not need to list its individual methods but rather ensure the provided template was complete and accurate. The auditor disagreed with CMS and stated, “Although CMS guidance HCA received stated that this [specifying methods and procedures] was not required, the guidance contradicts federal regulation 42 CFR 456.1(b)(1), which requires these methods and procedures to be included in the State Plan.” The Authority disagrees with the auditor’s interpretation.
During CMS’ review of the Authority’s plan, it found the state had not completed the template in its entirety and the Authority submitted a state plan amendment in the spring of 2023, correcting the omissions. The amendment was approved by CMS and went into effect July 1. 2023. The approved plan was provided to the auditor at the beginning of the audit.
Implement and monitor a statewide surveillance and utilization control program
The Authority partially concurs. HCA has a statewide surveillance and utilization control program in place and policies and procedures are available. The Authority recently updated its Fraud and Detection system (FADS) and is in the process of updating its policies and procedures related to FADS operation and its statewide surveillance and utilization control program.
Implement adequate internal controls to ensure it complies with utilization control requirements
The Authority partially concurs. The authority complies with all requirements outlined in the regulation. The FADS system triggers alerts on all paid Medicaid claims and the system prioritizes the alerts. The Authority uses judgmental sampling on the population of alerts and reviews providers who have higher aberrancies in relation to their peers and overall services provided. Because the FADS system is in its early implementation phase, the Authority is still in the process of establishing its written criteria.
Auditor’s Remarks
Update the Medicaid state plan to include all the methods and procedures it uses to safeguard against unnecessary utilization of care and services
42 CFR 456.1(b)(1) states that "Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services." While we recognize that 1902(a)(30) of the Social Security Act states that a State plan for medical assistance must "provide such methods and procedures relating to the utilization of, and the payment for, care and services available under the plan", the direction of the federal regulation does not change that the State plan must provide these methods and procedures, which it did not provide during the audit period.
Since the primary user of the Single Audit report and resulting findings are the federal granting agencies, management decisions are a critical part of the audit resolution process. We have requested the CMS management decision for the prior three audit findings for this compliance requirement from the Authority and Office of Financial Management, but have not received copies. We are not aware if formal decisions have been issued. If decisions have not been received by the state, we encourage the Authority to contact CMS and request them. We will use these formal decisions in planning future audits. The Authority's updates to the State Plan that became effective July 1, 2023 do not apply to the period under audit.
Implement and monitor a statewide surveillance and utilization control program
While we acknowledge that the Authority does have some policies and procedures, but it did not meet all compliance requirements to ensure the agency properly safeguarded against unnecessary utilization of care and services for the Medicaid program, including oversight and monitoring of other state agencies.
Implement adequate internal controls to ensure it complies with utilization control requirements
As stated in the finding, the Authority did not perform provider reviews on a sample basis, as required.
We reaffirm our finding and will review the status of the Authority's corrective actions in the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.